Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" (https://www.trojaner-board.de/108225-meldung-achtung-sicherheitsgruenden-wurde-windowssystem-gesperrt.html)

GutenTag 17.01.2012 18:33
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"
 
Hallo miteinander, vielen dank schonmal im vorraus für jegliche hilfe!

Seit ein paar wochen ließ sich firefox nichtmehr updaten (laden dauerte einfach immer ewig und nichts geschah), ich hatte aber auch schon version 9.0 und fand es deshalb nicht so wichtig.
Am sonntag zeigte mein laptop die nachricht "Achtung! Aus Sicherheitsgründen wurde ihr System blockiert." Ich glaube mein Bild war folgende version:
hxxp://blog.teesupport.com/wp-content/uploads/2011/12/Achtung-Aus-Sicherheitsgr%C3%BCnden-wurde-Ihr-Windowssystem-blockiert-scam.bmp
Ich bin mir aber nicht mehr 100prozentig sicher ob es genau das bild war.

Ich habe dann zunächst die allerwichtigsten dateien gerettet, mit einer ubuntu live-cd. Als antivirenprogramm habe ich avira, das hatte nichts gemeldet. Ein scan mit Malwarebytes zeigte 2 treffer und folgendes log:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.15.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stefan :: STEFAN-MSI [Administrator]

15.01.2012 16:52:27
mbam-log-2012-01-15 (18-17-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 481837
Laufzeit: 1 Stunde(n), 23 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.

(Ende)
(was angezeigt wurde habe ich eigentlich gelöscht (obwohl da steht keine aktion durchgeführt :-S) ).
Ich habe die namen der viren nicht in den titel aufgenommen, da ich fürchtete das das noch ganz andere waren.

Danach probierte ich die systemwiederherstellung, diese misslang. Firefox musste ich neu installieren, es ließ sich nicht mehr starten. Sonntag und montag habe ich dann erstmal nichts weiter unternommen, musste aber dennoch am laptop arbeiten, während dieser Zeit traten bis heute keine Symptome auf. Heute hab ich dann nochmal eine systemwiederherstellung aus dem abgesicherten modus probiert, das hat geklappt, habe dort auf den 13.01., also 2 tage vor dem ereignis zurückgesetzt.

Mein System ist windows 7- 64 Bit. Ich benutze avira (die freie version) und firefox, bis auf firefox (siehe oben) müsste alles ziemlich up to date gewesen sein, (jetzt sowieso), allerdings war der acrobat-reader wahrscheinlich schon etwas älter.

Ich habe jetzt den "defogger" ausgeführt und auch dieses "OTL". Hier die logfiles:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:57 on 17/01/2012 (Stefan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Extras: (diese datei erschien bei mir nicht nach dem "quickscan", nur beim "scan", habe erstmal diese gepostet)
OTL Logfile:
Code:
OTL Extras logfile created on: 1/17/2012 6:26:07 PM - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Stefan\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.41% Memory free
7.59 Gb Paging File | 5.95 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 179.11 Gb Free Space | 65.51% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS
Drive F: | 14.63 Gb Total Space | 14.56 Gb Free Space | 99.48% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64798798-D0C8-4246-56FB-5C5D8A61615C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8725474-37EF-7FCE-DB35-D2CCE7A4C462}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Motorola Bluetooth_is1" = Motorola Bluetooth
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{08DE5112-C279-F317-EB93-4D30708A3AE4}" = CCC Help Czech
"{11742D23-0668-5AA8-19FA-8F88FADC1ABE}" = Catalyst Control Center Graphics Light
"{1AFF250C-F408-DBBA-ECBE-33467D3F76BC}" = CCC Help Chinese Standard
"{1B33B869-A7B8-3F7B-CB3D-54D1A2A16B37}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27BA485D-529E-F94D-C8C5-499547E6493A}" = CCC Help Danish
"{2D2E4682-3B5C-5A3C-1379-F497BCC8B55C}" = CCC Help Chinese Traditional
"{32BB5A09-D930-EB57-737D-7B0BAD29D5D2}" = CCC Help Japanese
"{359E7E50-5ED2-466A-88A6-C36F8AB59018}" = MATLAB(R) Compiler Runtime 7.8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D735073-A39C-F5B4-5A9F-CC8B5177251D}" = CCC Help Hungarian
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{488CC14B-15FC-AFFB-F8E4-72B97F7A7C00}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52EC4C05-0290-D8DB-948E-4BE0C8FE5F4D}" = CCC Help Norwegian
"{53128B2F-8A2B-5FC7-B735-3826B294BE7D}" = Catalyst Control Center Graphics Full New
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5833B2D1-B2C1-2819-1EA5-EE23C772DF01}" = CCC Help English
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C48CA5-C5D3-2E46-06A4-1A06791A20AB}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{679A64E7-14CD-FF36-1470-9DED77603F7B}" = CCC Help Russian
"{6BC27278-28F6-D98A-587C-591FD8DDDC4C}" = PowerXpressHybrid
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B5512F-E710-8F87-4597-B126F54BD6D1}" = CCC Help Thai
"{7703D8FE-8C98-8CD9-A946-475DC6BBA04C}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B034E4B-A41A-7B9F-9820-C58C4CC99716}" = Catalyst Control Center Core Implementation
"{7D73203D-5854-3B87-25A7-9025829EB076}" = CCC Help Finnish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD960B-2ECC-595C-F934-543061F10F2B}" = CCC Help Italian
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92683FBF-ADB3-F0BF-E652-35D11FE190DE}" = PX Profile Update
"{92942F31-C642-7839-BA61-CC5E1DD9397D}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5F481DE-A5D2-725F-A0F3-1E663272D198}" = PX Profile Update
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{BA659DC5-F577-4364-903D-20C16DD4BDB3}" = Catalyst Control Center - Branding
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{C85F4BE3-0725-1D9C-50D7-27A5F8CBE6EF}" = CCC Help Greek
"{CA659543-232D-9B74-7058-A8C2DDA16405}" = ccc-core-static
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CD0A677F-D3BB-1187-1669-AE2960659370}" = Catalyst Control Center Localization All
"{CF83661A-F6FC-39A7-9552-B86E1239CC40}" = CCC Help Turkish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D850DA0F-468D-9BCE-D601-A41D294F1BD8}" = Catalyst Control Center InstallProxy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E81E7CD7-74D6-E355-F19A-427F1B2EE3BF}" = Catalyst Control Center Graphics Full Existing
"{EBC48194-90E6-EBA1-0DD6-9466095E1CAF}" = CCC Help French
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF5B8746-E00C-6306-879E-05444A6839C9}" = CCC Help Portuguese
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C60A5C-7666-FF75-630F-A136B5FAD451}" = Catalyst Control Center InstallProxy
"{FC09D493-A649-E880-A505-DEAA304E1A8D}" = CCC Help German
"{FC8CF7E1-5722-9952-2A56-8C28E2D17A42}" = CCC Help Dutch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MediaProSoft Free Video to AVI MPEG Converter_is1" = MediaProSoft Free Video to AVI MPEG Converter 6.5.2
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SopCast" = SopCast 3.4.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/17/2012 6:44:23 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feebb40917
ID
 des fehlerhaften Prozesses: 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01ccd504f2bb8217
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 4b7dcfdd-40fa-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feef660917
ID
 des fehlerhaften Prozesses: 0x164  Startzeit der fehlerhaften Anwendung: 0x01ccd5071fb899b0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 76519c6f-40fc-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feefb20917
ID
 des fehlerhaften Prozesses: 0x490  Startzeit der fehlerhaften Anwendung: 0x01ccd5094a954004
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: a1d51d3f-40fe-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecd80917
ID
 des fehlerhaften Prozesses: 0x538  Startzeit der fehlerhaften Anwendung: 0x01ccd526d1df3d11
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 0fd38975-411d-11e1-a22b-bd4bd947b9b3
 
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecc20917
ID
 des fehlerhaften Prozesses: 0xcf0  Startzeit der fehlerhaften Anwendung: 0x01ccd529e410f0a0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 3a7c8dc7-411f-11e1-a22b-829409eac0a0
 
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecf40917
ID
 des fehlerhaften Prozesses: 0x1024  Startzeit der fehlerhaften Anwendung: 0x01ccd52c0ebd5ff7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 660226f6-4121-11e1-a22b-829409eac0a0
 
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feed0e0917
ID
 des fehlerhaften Prozesses: 0xe30  Startzeit der fehlerhaften Anwendung: 0x01ccd52fc7815db0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 1e7c9892-4125-11e1-a22b-829409eac0a0
 
[ OSession Events ]
Error - 4/2/2011 9:21:24 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 4/2/2011 10:09:54 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2905 seconds with 1860 seconds of active time.  This session ended with a
 crash.
 
Error - 4/2/2011 10:27:01 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1015 seconds with 780 seconds of active time.  This session ended with a
crash.
 
Error - 4/12/2011 3:29:47 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 588 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 12:54:13 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 960
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 3:29:26 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 3:40:03 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 507
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 1/15/2012 3:58:59 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2065 seconds with 1020 seconds of active time.  This session ended with a
 crash.
 
Error - 1/15/2012 4:03:09 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 241 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 1/15/2012 4:09:55 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
  %%183
 
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
  %%183
 
Error - 1/17/2012 6:28:56 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 3 Mal passiert.
 
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 3 Mal passiert.
 
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 4 Mal passiert.
 
 
< End of report >
--- --- ---


OTL: (diese erschien bei mir nach dem "quickscan" wie in der anleitung gefordert)

OTL Logfile:
Code:
OTL logfile created on: 1/17/2012 6:10:00 PM - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Stefan\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.01% Memory free
7.59 Gb Paging File | 6.07 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 179.16 Gb Free Space | 65.53% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\html5video
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Programme\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/01/17 11:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/20 17:13:50 | 000,000,000 | ---D | M]
 
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2011/09/13 20:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/06 18:00:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\support@predictad.com
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\GMAILADSREMOVER@FLORIAN.BERSIER.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96F9474-9768-4EC4-B81B-89ECBBC610DE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/17 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\virus
[2012/01/17 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012/01/17 11:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/17 11:44:46 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/01/17 11:44:46 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/01/17 11:44:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/17 11:26:12 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2012/01/17 11:26:12 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2012/01/17 11:26:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcm80.dll
[2012/01/17 11:26:12 | 000,043,992 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozutils.dll
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchplugins
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hyphenation
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\components
[2012/01/15 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012/01/15 15:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 15:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\graphpad
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software
[2012/01/09 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\alte prüfungen
[2012/01/01 12:36:09 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/01/01 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series
[2011/07/14 14:08:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/07/14 14:08:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/05/15 12:59:56 | 000,814,040 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/05/15 12:59:56 | 000,486,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/05/15 12:59:56 | 000,097,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/05/15 12:59:56 | 000,015,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/08/26 16:06:57 | 016,096,216 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2010/08/26 16:06:57 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2010/08/26 16:06:57 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010/08/26 16:06:57 | 000,154,584 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010/08/26 16:06:57 | 000,019,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010/08/26 16:06:56 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010/08/26 16:06:56 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010/08/26 16:06:56 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010/08/26 16:06:56 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2010/08/26 16:06:56 | 000,187,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010/08/26 16:06:56 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2010/08/26 16:06:56 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010/08/26 16:06:56 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010/08/26 16:06:56 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2010/08/26 16:06:56 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2010/08/26 16:06:56 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/17 17:58:14 | 001,521,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/17 17:58:14 | 000,662,748 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/01/17 17:58:14 | 000,623,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/17 17:58:14 | 000,133,786 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/01/17 17:58:14 | 000,109,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 17:42:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/17 17:42:34 | 3055,693,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 11:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012/01/17 11:45:07 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/17 11:26:49 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2011/12/21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2011/12/21 08:42:28 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/12/21 08:42:28 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2011/12/21 06:09:19 | 005,642,801 | ---- | M] () -- C:\Program Files (x86)\omni.jar
[2011/12/21 06:09:19 | 000,002,723 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2011/12/21 06:09:15 | 000,000,701 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2011/12/21 06:09:14 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\update.locale
[2011/12/21 06:08:51 | 000,004,284 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2011/12/21 06:08:50 | 000,000,706 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2011/12/21 05:29:43 | 000,011,263 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2011/12/21 05:29:42 | 000,002,153 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2011/12/21 05:29:42 | 000,000,141 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2011/12/21 05:29:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2011/12/21 03:54:19 | 000,034,427 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012/01/17 11:45:06 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/15 18:40:55 | 002,124,760 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2011/07/14 14:08:31 | 000,002,723 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/05/15 12:59:56 | 005,642,801 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011/05/15 12:59:56 | 000,034,427 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/04/15 08:27:58 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/04/15 08:27:57 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/04/15 08:27:57 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/04/15 08:27:55 | 000,002,110 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/31 18:28:25 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011/03/31 18:26:48 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011/03/31 18:25:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011/03/31 18:25:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011/02/23 12:12:38 | 000,010,752 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 01:35:52 | 000,007,603 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2010/09/25 16:43:19 | 000,005,140 | ---- | C] () -- C:\Program Files (x86)\folders.cache
[2010/09/03 10:49:52 | 000,029,104 | ---- | C] () -- C:\windows\scunin.dat
[2010/08/26 16:06:58 | 000,000,701 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010/08/26 16:06:58 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010/08/26 16:06:57 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010/08/26 16:06:56 | 000,011,263 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2010/08/26 16:06:56 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2010/08/26 16:06:56 | 000,002,153 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2010/08/26 16:06:56 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2010/08/26 16:06:56 | 000,000,141 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010/08/26 16:06:56 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/03/17 20:41:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/03/17 20:38:40 | 000,001,018 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2010/03/17 19:18:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/03/17 19:18:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/12 10:57:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/06 09:12:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/08/26 13:27:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/02/03 14:52:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/15 21:29:45 | 000,000,000 | ---D | M] -- C:\fb850b3bbd8e18aa237f9d25
[2010/03/17 20:41:40 | 000,000,000 | ---D | M] -- C:\Intel
[2010/03/17 20:44:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/01/16 14:51:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/17 11:44:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/01/17 11:44:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/01/17 18:11:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/10/18 19:31:54 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/17 10:53:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2011/12/21 08:42:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011/12/21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2011/12/21 08:42:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011/12/21 08:42:29 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\windows\SysNative\drivers\afd.sys
[2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
--- --- ---


Über jedwede hilfe würde ich mich sehr freuen, vielen dank im vorraus!

P.S.:Ich schreibe hier von einem mac aus und benutze zum transfer der logs immer meinen usb-stick, auf diesem hält sich auch nach dem löschen eine "autorun.inf", erstellt die ein (der) virus immer wieder neu, oder ist das normal? hab sie hier mal durchgecheckt: https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/ ... demnach war nichts auffällig, aber es wundert mich dass die datei immer wieder auftaucht. Avira blockt die datei regelmäßig, also nicht nur beim einstecken, so alle 5 min.

Nochmal vielen dank für jeden der hier seine zeit opfert!

cosinus 18.01.2012 20:39
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

GutenTag 18.01.2012 21:04
Hey, vielen Dank für deine Antwort, habe leider kein älteres log, habe das programm erst nach dem Auftreten meines Problems installiert. Aber folgendes ist zwischendurch passiert, was vielleicht weiterhilft:

Wie oben beschrieben musste ich ja auch firefox neu installieren, da ihm die von malwarebytes gelöschte datei fehlte: C:\Program Files (x86)\mozjs.dll
Daraufhin habe ich firefox neu installiert (vom desktop pc über usb-stick), außerdem musste ich avira neu installieren (sowohl guard als auch update waren abgeschaltet), danach fuhr ich den rechner herunter, windows-updates wurden installiert. Beim windows-startbildschirm ging der rechner dann unvermittelt aus. Ein neuerlicher start führte zu einem ausführen von chkdsk, wo irgendwelche indexeinträge repariert wurden (sry, ich hab keine ahnung was da passiert ist). Danach folgte wiederum ein absturz. Auf ein Zurücksetzen des Systems folgte dann wieder ein scan mit malwarebyte, dem dann wieder das löschen der [C:\Program Files (x86)\mozjs.dll] folgte.

Soweit bin ich jetzt... hier das logfile von dem beschriebenen 2. scan:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.18.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stefan :: STEFAN-MSI [Administrator]

18.01.2012 18:36:25
mbam-log-2012-01-18 (18-36-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482030
Laufzeit: 1 Stunde(n), 9 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 18.01.2012 21:43
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


GutenTag 19.01.2012 07:22
Hallo, es hat knapp über 7 stunden gedauert, hier die log.txt

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=518da335e8713441aeae8aed4521da84
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 05:11:22
# local_time=2012-01-19 06:11:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775166 100 94 0 63460437 288476 0
# compatibility_mode=5893 16776573 100 94 5724 78553433 0 0
# compatibility_mode=8192 67108863 100 0 5938 5938 0 0
# scanned=379978
# found=1
# cleaned=0
# scan_time=26300
C:\Users\Stefan\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
Firewall ist wieder an. Avira inkl. guard lässt sich ja leider nicht wieder einschalten.

cosinus 19.01.2012 10:50
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

GutenTag 19.01.2012 11:15
Ich bin echt dankbar für deine Hilfe! Und da soll mal noch einer sagen die Menschen wären heute alle kalt und egoistisch^^.

Hier ist der Inhalt der OTL.txt:

Code:
OTL logfile created on: 1/19/2012 10:57:26 AM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Stefan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.34% Memory free
7.59 Gb Paging File | 6.00 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 175.49 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.24 Gb Free Space | 86.67% Space Free | Partition Type: NTFS
Drive F: | 14.63 Gb Total Space | 10.91 Gb Free Space | 74.58% Space Free | Partition Type: FAT32
Drive G: | 931.28 Gb Total Space | 806.64 Gb Free Space | 86.62% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/19 10:55:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 20:10:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/04 09:23:43 | 000,281,768 | ---- | M] (Avira GmbH) -- c:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/19 00:15:28 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2009/11/04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/13 10:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/06/08 21:52:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/17 20:43:38 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/26 01:19:54 | 001,029,896 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/01/25 21:08:50 | 004,154,120 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2009/12/21 22:41:38 | 000,637,192 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2009/08/06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/29 07:06:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 20:10:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 20:43:36 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/06/29 07:06:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 07:06:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/09 00:54:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/08 21:19:36 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/08 21:10:46 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/02/10 08:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/27 00:53:48 | 000,461,312 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/01/18 13:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/01/14 00:44:58 | 000,034,048 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhid.sys -- (BTMHID)
DRV:64bit: - [2010/01/13 01:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/07 20:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/12/14 20:08:00 | 000,051,200 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 22:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/09 04:34:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/05/26 22:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/09/02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/15 21:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/01/18 22:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/20 17:13:50 | 000,000,000 | ---D | M]
 
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012/01/15 18:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/06 18:00:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\support@predictad.com
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\GMAILADSREMOVER@FLORIAN.BERSIER.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96F9474-9768-4EC4-B81B-89ECBBC610DE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 21:01:52 | 000,000,000 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2012/01/18 17:51:46 | 000,000,000 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/19 10:54:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012/01/18 22:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/18 22:13:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchplugins
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hyphenation
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\components
[2012/01/18 16:15:29 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2012/01/18 14:12:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/17 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\virus
[2012/01/17 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/15 18:40:56 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2012/01/15 18:40:56 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2012/01/15 18:40:56 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcm80.dll
[2012/01/15 18:40:55 | 000,043,992 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozutils.dll
[2012/01/15 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012/01/15 15:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\graphpad
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software
[2012/01/09 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\alte prüfungen
[2012/01/04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2012/01/01 12:36:09 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/01/01 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series
[2011/07/14 14:08:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/07/14 14:08:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/05/15 12:59:56 | 000,814,040 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/05/15 12:59:56 | 000,486,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/05/15 12:59:56 | 000,097,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/05/15 12:59:56 | 000,015,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/08/26 16:06:57 | 016,096,216 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2010/08/26 16:06:57 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2010/08/26 16:06:57 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010/08/26 16:06:57 | 000,154,584 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010/08/26 16:06:57 | 000,019,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010/08/26 16:06:56 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2010/08/26 16:06:56 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010/08/26 16:06:56 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010/08/26 16:06:56 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2010/08/26 16:06:56 | 000,187,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010/08/26 16:06:56 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2010/08/26 16:06:56 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010/08/26 16:06:56 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010/08/26 16:06:56 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2010/08/26 16:06:56 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2010/08/26 16:06:56 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/19 10:55:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012/01/19 10:53:23 | 001,521,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/19 10:53:23 | 000,662,748 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/01/19 10:53:23 | 000,623,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/19 10:53:23 | 000,133,786 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/01/19 10:53:23 | 000,109,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/19 10:51:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/18 22:18:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:18:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:12:26 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/18 22:02:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012/01/18 22:01:21 | 3055,693,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 18:11:34 | 280,054,807 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/17 11:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012/01/16 17:08:15 | 000,011,776 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2011/12/21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2011/12/21 08:42:28 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/12/21 08:42:28 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2011/12/21 06:09:19 | 005,642,801 | ---- | M] () -- C:\Program Files (x86)\omni.jar
[2011/12/21 06:09:19 | 000,002,723 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2011/12/21 06:09:15 | 000,000,701 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2011/12/21 06:09:14 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\update.locale
[2011/12/21 06:08:51 | 000,004,284 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2011/12/21 06:08:50 | 000,000,706 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2011/12/21 05:29:43 | 000,011,263 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2011/12/21 05:29:42 | 000,002,153 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2011/12/21 05:29:42 | 000,000,141 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2011/12/21 05:29:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2011/12/21 03:54:19 | 000,034,427 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/18 22:12:01 | 002,124,760 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2012/01/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2011/07/14 14:08:31 | 000,002,723 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/05/15 12:59:56 | 005,642,801 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011/05/15 12:59:56 | 000,034,427 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/04/15 08:27:58 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/04/15 08:27:57 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/04/15 08:27:57 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/04/15 08:27:55 | 000,002,110 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/31 18:28:25 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011/03/31 18:26:48 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011/03/31 18:25:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011/03/31 18:25:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011/02/23 12:12:38 | 000,011,776 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 01:35:52 | 000,007,603 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2010/09/25 16:43:19 | 000,005,140 | ---- | C] () -- C:\Program Files (x86)\folders.cache
[2010/09/03 10:49:52 | 000,029,104 | ---- | C] () -- C:\windows\scunin.dat
[2010/08/26 16:06:58 | 000,000,701 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010/08/26 16:06:58 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010/08/26 16:06:57 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010/08/26 16:06:56 | 000,011,263 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2010/08/26 16:06:56 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2010/08/26 16:06:56 | 000,002,153 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2010/08/26 16:06:56 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2010/08/26 16:06:56 | 000,000,141 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010/08/26 16:06:56 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/03/17 20:41:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/03/17 20:38:40 | 000,001,018 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2010/03/17 19:18:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/03/17 19:18:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/18 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/06 09:12:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/03/25 10:20:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2010/08/27 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft
[2010/08/26 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ATI
[2012/01/17 11:50:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Avira
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/02/23 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DivX
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2010/08/26 13:27:37 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities
[2010/08/26 13:21:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2010/08/26 15:50:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2012/01/19 03:09:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2010/08/27 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MathWorks
[2010/03/17 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2012/01/08 09:53:20 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/18 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/12/01 00:56:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skype
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/19 03:10:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011/05/25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011/04/15 08:31:08 | 000,010,134 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{A5F481DE-A5D2-725F-A0F3-1E663272D198}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

cosinus 19.01.2012 11:39
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 21:01:52 | 000,000,000 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2012/01/18 17:51:46 | 000,000,000 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

GutenTag 19.01.2012 12:03
Heyho,

der rechner wollte neu gestartet werden, nach dem neustart sollte ich das ausführen von OTL zulassen, was ich auch getan habe.

Hier das log:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
F:\AUTORUN.INF moved successfully.
G:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
File F:\LaunchU3.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 676567625 bytes
->Temporary Internet Files folder emptied: 336310534 bytes
->Java cache emptied: 117850 bytes
->FireFox cache emptied: 1092445228 bytes
->Flash cache emptied: 25684 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 159241419 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 9317533120 bytes
 
Total Files Cleaned = 11,046.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_114414

Files\Folders moved on Reboot...
C:\Users\Stefan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 19.01.2012 12:17
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

GutenTag 19.01.2012 12:43
Hier ist das log von TDSSKiller:

Code:
12:22:31.0373 5040        TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
12:22:31.0638 5040        ============================================================
12:22:31.0638 5040        Current date / time: 2012/01/19 12:22:31.0638
12:22:31.0638 5040        SystemInfo:
12:22:31.0638 5040       
12:22:31.0638 5040        OS Version: 6.1.7600 ServicePack: 0.0
12:22:31.0638 5040        Product type: Workstation
12:22:31.0638 5040        ComputerName: STEFAN-MSI
12:22:31.0638 5040        UserName: Stefan
12:22:31.0638 5040        Windows directory: C:\windows
12:22:31.0638 5040        System windows directory: C:\windows
12:22:31.0638 5040        Running under WOW64
12:22:31.0638 5040        Processor architecture: Intel x64
12:22:31.0638 5040        Number of processors: 4
12:22:31.0638 5040        Page size: 0x1000
12:22:31.0638 5040        Boot type: Normal boot
12:22:31.0638 5040        ============================================================
12:22:32.0122 5040        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:32.0122 5040        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:37.0816 5040        Drive \Device\Harddisk2\DR2 - Size: 0x3A9800000 (14.65 Gb), SectorSize: 0x200, Cylinders: 0x778, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:37.0910 5040        Initialize success
12:23:36.0628 4908        ============================================================
12:23:36.0628 4908        Scan started
12:23:36.0628 4908        Mode: Manual; SigCheck; TDLFS;
12:23:36.0628 4908        ============================================================
12:23:37.0003 4908        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
12:23:37.0112 4908        1394ohci - ok
12:23:37.0252 4908        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
12:23:37.0268 4908        ACPI - ok
12:23:37.0346 4908        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
12:23:37.0393 4908        AcpiPmi - ok
12:23:37.0580 4908        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
12:23:37.0595 4908        adp94xx - ok
12:23:37.0736 4908        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
12:23:37.0767 4908        adpahci - ok
12:23:37.0845 4908        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
12:23:37.0876 4908        adpu320 - ok
12:23:38.0001 4908        AFD            (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
12:23:38.0063 4908        AFD - ok
12:23:38.0204 4908        AgereSoftModem  (d2914e53e8f299654d400f96eb466054) C:\windows\system32\DRIVERS\agrsm64.sys
12:23:38.0282 4908        AgereSoftModem - ok
12:23:38.0407 4908        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
12:23:38.0422 4908        agp440 - ok
12:23:38.0563 4908        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
12:23:38.0578 4908        aliide - ok
12:23:38.0719 4908        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
12:23:38.0734 4908        amdide - ok
12:23:38.0781 4908        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
12:23:38.0828 4908        AmdK8 - ok
12:23:39.0077 4908        amdkmdag        (0d0af6574e723334f8bde3e631145d18) C:\windows\system32\DRIVERS\atikmdag.sys
12:23:39.0311 4908        amdkmdag - ok
12:23:39.0436 4908        amdkmdap        (693d7a53bca6433fdc660cea0ad20153) C:\windows\system32\DRIVERS\atikmpag.sys
12:23:39.0483 4908        amdkmdap - ok
12:23:39.0577 4908        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
12:23:39.0639 4908        AmdPPM - ok
12:23:39.0733 4908        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
12:23:39.0764 4908        amdsata - ok
12:23:39.0795 4908        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
12:23:39.0811 4908        amdsbs - ok
12:23:39.0920 4908        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
12:23:39.0935 4908        amdxata - ok
12:23:40.0076 4908        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
12:23:40.0123 4908        AppID - ok
12:23:40.0201 4908        arc            (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
12:23:40.0216 4908        arc - ok
12:23:40.0279 4908        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
12:23:40.0294 4908        arcsas - ok
12:23:40.0388 4908        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:23:40.0419 4908        ArcSoftKsUFilter - ok
12:23:40.0513 4908        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
12:23:40.0606 4908        AsyncMac - ok
12:23:40.0715 4908        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
12:23:40.0731 4908        atapi - ok
12:23:40.0871 4908        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\windows\system32\DRIVERS\avgntflt.sys
12:23:40.0887 4908        avgntflt - ok
12:23:41.0043 4908        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\windows\system32\DRIVERS\avipbb.sys
12:23:41.0043 4908        avipbb - ok
12:23:41.0183 4908        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
12:23:41.0246 4908        b06bdrv - ok
12:23:41.0355 4908        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
12:23:41.0402 4908        b57nd60a - ok
12:23:41.0511 4908        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
12:23:41.0573 4908        Beep - ok
12:23:41.0714 4908        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
12:23:41.0761 4908        blbdrive - ok
12:23:41.0885 4908        bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
12:23:41.0932 4908        bowser - ok
12:23:42.0041 4908        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
12:23:42.0104 4908        BrFiltLo - ok
12:23:42.0135 4908        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
12:23:42.0151 4908        BrFiltUp - ok
12:23:42.0275 4908        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
12:23:42.0322 4908        Brserid - ok
12:23:42.0353 4908        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
12:23:42.0400 4908        BrSerWdm - ok
12:23:42.0509 4908        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
12:23:42.0572 4908        BrUsbMdm - ok
12:23:42.0650 4908        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
12:23:42.0697 4908        BrUsbSer - ok
12:23:42.0790 4908        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
12:23:42.0821 4908        BthEnum - ok
12:23:42.0899 4908        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
12:23:42.0946 4908        BTHMODEM - ok
12:23:43.0024 4908        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
12:23:43.0087 4908        BthPan - ok
12:23:43.0180 4908        BTHPORT        (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
12:23:43.0227 4908        BTHPORT - ok
12:23:43.0367 4908        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
12:23:43.0414 4908        BTHUSB - ok
12:23:43.0477 4908        BTMCOM          (bb95f4f2c1ada589e97c8598e14e1c74) C:\windows\System32\Drivers\btmcom.sys
12:23:43.0523 4908        BTMCOM - ok
12:23:43.0601 4908        BTMHID          (a505e3d17b12113d947a85baa3070691) C:\windows\system32\DRIVERS\btmhid.sys
12:23:43.0633 4908        BTMHID - ok
12:23:43.0695 4908        BTMUSB          (09b5a74916fa3417186c8f494ae6c9fe) C:\windows\system32\Drivers\btmusb.sys
12:23:43.0742 4908        BTMUSB - ok
12:23:43.0835 4908        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
12:23:43.0913 4908        cdfs - ok
12:23:44.0023 4908        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
12:23:44.0069 4908        cdrom - ok
12:23:44.0179 4908        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
12:23:44.0241 4908        circlass - ok
12:23:44.0319 4908        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
12:23:44.0350 4908        CLFS - ok
12:23:44.0475 4908        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
12:23:44.0522 4908        CmBatt - ok
12:23:44.0569 4908        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
12:23:44.0584 4908        cmdide - ok
12:23:44.0693 4908        CNG            (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
12:23:44.0740 4908        CNG - ok
12:23:44.0865 4908        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
12:23:44.0881 4908        Compbatt - ok
12:23:44.0927 4908        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
12:23:44.0959 4908        CompositeBus - ok
12:23:45.0068 4908        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
12:23:45.0083 4908        crcdisk - ok
12:23:45.0239 4908        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
12:23:45.0286 4908        DfsC - ok
12:23:45.0364 4908        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
12:23:45.0442 4908        discache - ok
12:23:45.0536 4908        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
12:23:45.0551 4908        Disk - ok
12:23:45.0629 4908        drmkaud        (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
12:23:45.0661 4908        drmkaud - ok
12:23:45.0785 4908        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
12:23:45.0832 4908        DXGKrnl - ok
12:23:45.0988 4908        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
12:23:46.0113 4908        ebdrv - ok
12:23:46.0253 4908        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
12:23:46.0269 4908        elxstor - ok
12:23:46.0347 4908        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
12:23:46.0409 4908        ErrDev - ok
12:23:46.0534 4908        ETD            (06c94be9d9e1e6411429433a64a76936) C:\windows\system32\DRIVERS\ETD.sys
12:23:46.0565 4908        ETD - ok
12:23:46.0721 4908        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
12:23:46.0815 4908        exfat - ok
12:23:46.0846 4908        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
12:23:46.0924 4908        fastfat - ok
12:23:47.0033 4908        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
12:23:47.0080 4908        fdc - ok
12:23:47.0205 4908        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
12:23:47.0221 4908        FileInfo - ok
12:23:47.0236 4908        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
12:23:47.0330 4908        Filetrace - ok
12:23:47.0439 4908        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
12:23:47.0486 4908        flpydisk - ok
12:23:47.0517 4908        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
12:23:47.0533 4908        FltMgr - ok
12:23:47.0626 4908        FsDepends      (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
12:23:47.0642 4908        FsDepends - ok
12:23:47.0689 4908        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
12:23:47.0704 4908        Fs_Rec - ok
12:23:47.0829 4908        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
12:23:47.0860 4908        fvevol - ok
12:23:47.0923 4908        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
12:23:47.0954 4908        gagp30kx - ok
12:23:48.0079 4908        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
12:23:48.0094 4908        hamachi - ok
12:23:48.0219 4908        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
12:23:48.0250 4908        hcw85cir - ok
12:23:48.0359 4908        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
12:23:48.0422 4908        HdAudAddService - ok
12:23:48.0531 4908        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
12:23:48.0578 4908        HDAudBus - ok
12:23:48.0687 4908        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
12:23:48.0703 4908        HECIx64 - ok
12:23:48.0718 4908        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
12:23:48.0765 4908        HidBatt - ok
12:23:48.0859 4908        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
12:23:48.0905 4908        HidBth - ok
12:23:49.0015 4908        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
12:23:49.0061 4908        HidIr - ok
12:23:49.0217 4908        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
12:23:49.0264 4908        HidUsb - ok
12:23:49.0405 4908        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
12:23:49.0420 4908        HpSAMD - ok
12:23:49.0483 4908        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
12:23:49.0561 4908        HTTP - ok
12:23:49.0670 4908        hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
12:23:49.0685 4908        hwpolicy - ok
12:23:49.0748 4908        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
12:23:49.0779 4908        i8042prt - ok
12:23:49.0857 4908        iaStor          (be7d72fcf442c26975942007e0831241) C:\windows\system32\DRIVERS\iaStor.sys
12:23:49.0873 4908        iaStor - ok
12:23:49.0966 4908        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
12:23:49.0997 4908        iaStorV - ok
12:23:50.0091 4908        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
12:23:50.0122 4908        iirsp - ok
12:23:50.0263 4908        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys
12:23:50.0309 4908        Impcd - ok
12:23:50.0465 4908        IntcAzAudAddService (a4baf427952099d5874bac8783890df8) C:\windows\system32\drivers\RTKVHD64.sys
12:23:50.0512 4908        IntcAzAudAddService - ok
12:23:50.0637 4908        IntcDAud        (da24c1f66ee1b5a92e045376d7a44b58) C:\windows\system32\DRIVERS\IntcDAud.sys
12:23:50.0684 4908        IntcDAud - ok
12:23:50.0793 4908        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
12:23:50.0809 4908        intelide - ok
12:23:51.0058 4908        intelkmd        (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdpmd64.sys
12:23:51.0370 4908        intelkmd - ok
12:23:51.0495 4908        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
12:23:51.0526 4908        intelppm - ok
12:23:51.0651 4908        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:23:51.0729 4908        IpFilterDriver - ok
12:23:51.0854 4908        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
12:23:51.0901 4908        IPMIDRV - ok
12:23:51.0932 4908        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
12:23:52.0010 4908        IPNAT - ok
12:23:52.0119 4908        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
12:23:52.0150 4908        IRENUM - ok
12:23:52.0291 4908        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
12:23:52.0306 4908        isapnp - ok
12:23:52.0337 4908        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
12:23:52.0353 4908        iScsiPrt - ok
12:23:52.0478 4908        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
12:23:52.0493 4908        kbdclass - ok
12:23:52.0540 4908        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
12:23:52.0587 4908        kbdhid - ok
12:23:52.0743 4908        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
12:23:52.0759 4908        KSecDD - ok
12:23:52.0805 4908        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
12:23:52.0821 4908        KSecPkg - ok
12:23:52.0946 4908        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
12:23:53.0024 4908        ksthunk - ok
12:23:53.0164 4908        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
12:23:53.0242 4908        lltdio - ok
12:23:53.0367 4908        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
12:23:53.0398 4908        LSI_FC - ok
12:23:53.0414 4908        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
12:23:53.0429 4908        LSI_SAS - ok
12:23:53.0539 4908        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
12:23:53.0570 4908        LSI_SAS2 - ok
12:23:53.0585 4908        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
12:23:53.0601 4908        LSI_SCSI - ok
12:23:53.0679 4908        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
12:23:53.0757 4908        luafv - ok
12:23:53.0835 4908        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
12:23:53.0851 4908        megasas - ok
12:23:53.0897 4908        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
12:23:53.0913 4908        MegaSR - ok
12:23:54.0022 4908        Modem          (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
12:23:54.0085 4908        Modem - ok
12:23:54.0147 4908        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
12:23:54.0194 4908        monitor - ok
12:23:54.0272 4908        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
12:23:54.0287 4908        mouclass - ok
12:23:54.0350 4908        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
12:23:54.0397 4908        mouhid - ok
12:23:54.0490 4908        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
12:23:54.0506 4908        mountmgr - ok
12:23:54.0553 4908        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
12:23:54.0584 4908        mpio - ok
12:23:54.0646 4908        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
12:23:54.0740 4908        mpsdrv - ok
12:23:54.0787 4908        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
12:23:54.0833 4908        MRxDAV - ok
12:23:54.0927 4908        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
12:23:54.0943 4908        mrxsmb - ok
12:23:55.0021 4908        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:23:55.0067 4908        mrxsmb10 - ok
12:23:55.0145 4908        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:23:55.0192 4908        mrxsmb20 - ok
12:23:55.0255 4908        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
12:23:55.0270 4908        msahci - ok
12:23:55.0333 4908        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
12:23:55.0348 4908        msdsm - ok
12:23:55.0442 4908        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
12:23:55.0504 4908        Msfs - ok
12:23:55.0582 4908        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
12:23:55.0660 4908        mshidkmdf - ok
12:23:55.0707 4908        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
12:23:55.0723 4908        msisadrv - ok
12:23:55.0832 4908        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
12:23:55.0910 4908        MSKSSRV - ok
12:23:55.0972 4908        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
12:23:56.0035 4908        MSPCLOCK - ok
12:23:56.0128 4908        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
12:23:56.0191 4908        MSPQM - ok
12:23:56.0237 4908        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
12:23:56.0269 4908        MsRPC - ok
12:23:56.0331 4908        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
12:23:56.0347 4908        mssmbios - ok
12:23:56.0409 4908        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
12:23:56.0503 4908        MSTEE - ok
12:23:56.0565 4908        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
12:23:56.0612 4908        MTConfig - ok
12:23:56.0674 4908        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
12:23:56.0690 4908        Mup - ok
12:23:56.0799 4908        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
12:23:56.0846 4908        NativeWifiP - ok
12:23:56.0924 4908        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
12:23:56.0971 4908        NDIS - ok
12:23:57.0095 4908        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
12:23:57.0173 4908        NdisCap - ok
12:23:57.0298 4908        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
12:23:57.0361 4908        NdisTapi - ok
12:23:57.0485 4908        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
12:23:57.0563 4908        Ndisuio - ok
12:23:57.0595 4908        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
12:23:57.0657 4908        NdisWan - ok
12:23:57.0751 4908        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
12:23:57.0829 4908        NDProxy - ok
12:23:57.0938 4908        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
12:23:58.0016 4908        NetBIOS - ok
12:23:58.0047 4908        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
12:23:58.0109 4908        NetBT - ok
12:23:58.0406 4908        NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
12:23:58.0671 4908        NETw5s64 - ok
12:23:58.0780 4908        nfrd960        (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
12:23:58.0796 4908        nfrd960 - ok
12:23:58.0874 4908        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
12:23:58.0952 4908        Npfs - ok
12:23:59.0014 4908        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
12:23:59.0077 4908        nsiproxy - ok
12:23:59.0186 4908        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
12:23:59.0233 4908        Ntfs - ok
12:23:59.0326 4908        Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
12:23:59.0404 4908        Null - ok
12:23:59.0513 4908        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
12:23:59.0529 4908        nvraid - ok
12:23:59.0560 4908        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
12:23:59.0591 4908        nvstor - ok
12:23:59.0701 4908        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
12:23:59.0732 4908        nv_agp - ok
12:23:59.0779 4908        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
12:23:59.0825 4908        ohci1394 - ok
12:23:59.0935 4908        Parport        (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
12:23:59.0966 4908        Parport - ok
12:23:59.0981 4908        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
12:23:59.0997 4908        partmgr - ok
12:24:00.0091 4908        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
12:24:00.0122 4908        pci - ok
12:24:00.0247 4908        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
12:24:00.0262 4908        pciide - ok
12:24:00.0293 4908        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
12:24:00.0309 4908        pcmcia - ok
12:24:00.0387 4908        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
12:24:00.0403 4908        pcw - ok
12:24:00.0434 4908        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
12:24:00.0512 4908        PEAUTH - ok
12:24:00.0668 4908        Point64        (b8d8ec78b0f9ed8e220506181274f3d3) C:\windows\system32\DRIVERS\point64.sys
12:24:00.0683 4908        Point64 - ok
12:24:00.0824 4908        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
12:24:00.0902 4908        PptpMiniport - ok
12:24:01.0011 4908        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
12:24:01.0058 4908        Processor - ok
12:24:01.0183 4908        Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
12:24:01.0245 4908        Psched - ok
12:24:01.0323 4908        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
12:24:01.0370 4908        ql2300 - ok
12:24:01.0479 4908        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
12:24:01.0510 4908        ql40xx - ok
12:24:01.0526 4908        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:24:01.0588 4908        QWAVEdrv - ok
12:24:01.0697 4908        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:24:01.0744 4908        RasAcd - ok
12:24:01.0838 4908        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:24:01.0916 4908        RasAgileVpn - ok
12:24:01.0994 4908        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
12:24:02.0072 4908        Rasl2tp - ok
12:24:02.0212 4908        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:24:02.0275 4908        RasPppoe - ok
12:24:02.0384 4908        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:24:02.0462 4908        RasSstp - ok
12:24:02.0493 4908        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
12:24:02.0555 4908        rdbss - ok
12:24:02.0649 4908        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
12:24:02.0696 4908        rdpbus - ok
12:24:02.0743 4908        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:24:02.0821 4908        RDPCDD - ok
12:24:02.0899 4908        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:24:02.0977 4908        RDPENCDD - ok
12:24:03.0023 4908        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:24:03.0086 4908        RDPREFMP - ok
12:24:03.0148 4908        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
12:24:03.0211 4908        RDPWD - ok
12:24:03.0335 4908        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
12:24:03.0351 4908        rdyboost - ok
12:24:03.0491 4908        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
12:24:03.0538 4908        RFCOMM - ok
12:24:03.0663 4908        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:24:03.0741 4908        rspndr - ok
12:24:03.0881 4908        RSUSBSTOR      (db30aa4daa0d492fa5d7717d8181ffa1) C:\windows\system32\Drivers\RtsUStor.sys
12:24:03.0944 4908        RSUSBSTOR - ok
12:24:04.0069 4908        RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\windows\system32\drivers\RtHDMIVX.sys
12:24:04.0084 4908        RTHDMIAzAudService - ok
12:24:04.0131 4908        RTL8167        (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
12:24:04.0178 4908        RTL8167 - ok
12:24:04.0287 4908        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
12:24:04.0303 4908        sbp2port - ok
12:24:04.0334 4908        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
12:24:04.0365 4908        scfilter - ok
12:24:04.0505 4908        sdbus          (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
12:24:04.0552 4908        sdbus - ok
12:24:04.0646 4908        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:24:04.0724 4908        secdrv - ok
12:24:04.0849 4908        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
12:24:04.0895 4908        Serenum - ok
12:24:05.0020 4908        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
12:24:05.0067 4908        Serial - ok
12:24:05.0161 4908        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
12:24:05.0207 4908        sermouse - ok
12:24:05.0254 4908        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
12:24:05.0301 4908        sffdisk - ok
12:24:05.0395 4908        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
12:24:05.0441 4908        sffp_mmc - ok
12:24:05.0473 4908        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
12:24:05.0519 4908        sffp_sd - ok
12:24:05.0629 4908        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
12:24:05.0675 4908        sfloppy - ok
12:24:05.0785 4908        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:24:05.0800 4908        SiSRaid2 - ok
12:24:05.0831 4908        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
12:24:05.0847 4908        SiSRaid4 - ok
12:24:05.0956 4908        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:24:06.0050 4908        Smb - ok
12:24:06.0175 4908        smserial        (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
12:24:06.0237 4908        smserial - ok
12:24:06.0346 4908        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:24:06.0362 4908        spldr - ok
12:24:06.0424 4908        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
12:24:06.0471 4908        srv - ok
12:24:06.0580 4908        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
12:24:06.0643 4908        srv2 - ok
12:24:06.0783 4908        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
12:24:06.0830 4908        srvnet - ok
12:24:06.0955 4908        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
12:24:06.0970 4908        stexstor - ok
12:24:07.0017 4908        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:24:07.0033 4908        swenum - ok
12:24:07.0173 4908        Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
12:24:07.0235 4908        Tcpip - ok
12:24:07.0391 4908        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
12:24:07.0438 4908        TCPIP6 - ok
12:24:07.0532 4908        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
12:24:07.0579 4908        tcpipreg - ok
12:24:07.0672 4908        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:24:07.0735 4908        TDPIPE - ok
12:24:07.0813 4908        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
12:24:07.0875 4908        TDTCP - ok
12:24:07.0953 4908        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
12:24:08.0031 4908        tdx - ok
12:24:08.0109 4908        TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
12:24:08.0125 4908        TermDD - ok
12:24:08.0265 4908        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
12:24:08.0343 4908        tssecsrv - ok
12:24:08.0452 4908        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
12:24:08.0499 4908        tunnel - ok
12:24:08.0515 4908        TurboB          (c45a3e051c65106a28982caed125f855) C:\windows\system32\DRIVERS\TurboB.sys
12:24:08.0530 4908        TurboB - ok
12:24:08.0624 4908        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
12:24:08.0639 4908        uagp35 - ok
12:24:08.0655 4908        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
12:24:08.0702 4908        udfs - ok
12:24:08.0858 4908        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
12:24:08.0873 4908        uliagpkx - ok
12:24:08.0998 4908        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
12:24:09.0045 4908        umbus - ok
12:24:09.0185 4908        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
12:24:09.0248 4908        UmPass - ok
12:24:09.0373 4908        usbccgp        (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
12:24:09.0404 4908        usbccgp - ok
12:24:09.0529 4908        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
12:24:09.0544 4908        usbcir - ok
12:24:09.0685 4908        usbehci        (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
12:24:09.0700 4908        usbehci - ok
12:24:09.0763 4908        usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
12:24:09.0825 4908        usbhub - ok
12:24:09.0934 4908        usbohci        (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
12:24:09.0965 4908        usbohci - ok
12:24:10.0075 4908        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:24:10.0121 4908        usbprint - ok
12:24:10.0231 4908        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:24:10.0262 4908        usbscan - ok
12:24:10.0309 4908        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:24:10.0340 4908        USBSTOR - ok
12:24:10.0480 4908        usbuhci        (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
12:24:10.0496 4908        usbuhci - ok
12:24:10.0589 4908        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
12:24:10.0605 4908        usbvideo - ok
12:24:10.0714 4908        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
12:24:10.0730 4908        vdrvroot - ok
12:24:10.0808 4908        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:24:10.0823 4908        vga - ok
12:24:10.0901 4908        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:24:10.0979 4908        VgaSave - ok
12:24:11.0089 4908        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
12:24:11.0104 4908        vhdmp - ok
12:24:11.0120 4908        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
12:24:11.0135 4908        viaide - ok
12:24:11.0260 4908        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
12:24:11.0291 4908        volmgr - ok
12:24:11.0307 4908        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
12:24:11.0338 4908        volmgrx - ok
12:24:11.0416 4908        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
12:24:11.0447 4908        volsnap - ok
12:24:11.0494 4908        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
12:24:11.0525 4908        vsmraid - ok
12:24:11.0603 4908        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:24:11.0635 4908        vwifibus - ok
12:24:11.0759 4908        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:24:11.0806 4908        vwififlt - ok
12:24:11.0915 4908        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:24:11.0947 4908        vwifimp - ok
12:24:12.0009 4908        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
12:24:12.0040 4908        WacomPen - ok
12:24:12.0165 4908        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:24:12.0243 4908        WANARP - ok
12:24:12.0259 4908        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:24:12.0305 4908        Wanarpv6 - ok
12:24:12.0399 4908        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
12:24:12.0415 4908        Wd - ok
12:24:12.0461 4908        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:24:12.0493 4908        Wdf01000 - ok
12:24:12.0649 4908        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:24:12.0695 4908        WfpLwf - ok
12:24:12.0758 4908        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:24:12.0773 4908        WIMMount - ok
12:24:12.0929 4908        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
12:24:12.0992 4908        WinUsb - ok
12:24:13.0085 4908        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
12:24:13.0132 4908        WmiAcpi - ok
12:24:13.0273 4908        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:24:13.0335 4908        ws2ifsl - ok
12:24:13.0382 4908        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
12:24:13.0460 4908        WudfPf - ok
12:24:13.0569 4908        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
12:24:13.0647 4908        WUDFRd - ok
12:24:13.0709 4908        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:24:13.0865 4908        \Device\Harddisk0\DR0 - ok
12:24:13.0865 4908        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:24:14.0053 4908        \Device\Harddisk1\DR1 - ok
12:24:14.0053 4908        MBR (0x1B8)    (5553cd643b9e5e7430afa8537c5e9d58) \Device\Harddisk2\DR2
12:24:20.0917 4908        \Device\Harddisk2\DR2 - ok
12:24:20.0948 4908        Boot (0x1200)  (cc053717143e58f81f724b1082df01d8) \Device\Harddisk0\DR0\Partition0
12:24:20.0948 4908        \Device\Harddisk0\DR0\Partition0 - ok
12:24:20.0979 4908        Boot (0x1200)  (908ac6da23d348d28fcb92d03d4129ad) \Device\Harddisk0\DR0\Partition1
12:24:20.0979 4908        \Device\Harddisk0\DR0\Partition1 - ok
12:24:20.0979 4908        Boot (0x1200)  (30603b3bcee732b91e85cee036b95197) \Device\Harddisk1\DR1\Partition0
12:24:20.0979 4908        \Device\Harddisk1\DR1\Partition0 - ok
12:24:20.0979 4908        ============================================================
12:24:20.0979 4908        Scan finished
12:24:20.0979 4908        ============================================================
12:24:20.0995 2572        Detected object count: 0
12:24:20.0995 2572        Actual detected object count: 0
Mir ist nicht aufgefallen, dass irgendwas nicht sichtbar wäre auf dem desktop, werde es trotzdem erstmal ausführen, wenn das quatsch ist einfach bescheid sagen, dann stopp ichs.

cosinus 19.01.2012 13:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

GutenTag 19.01.2012 13:59
Hier ist das von ComboFix erstellte log:

Code:
ComboFix 12-01-18.04 - Stefan 19.01.2012  13:50:00.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3886.2372 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\INSTALL.LOG
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-19 bis 2012-01-19  ))))))))))))))))))))))))))))))
.
.
2012-01-19 12:53 . 2012-01-19 12:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-19 10:59 . 2012-01-19 10:59        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB29BA2-E915-4783-85BC-39887E6EE9E4}\offreg.dll
2012-01-19 10:44 . 2012-01-19 10:44        --------        d-----w-        C:\_OTL
2012-01-18 21:14 . 2012-01-18 21:14        --------        d-----w-        c:\program files (x86)\ESET
2012-01-18 21:12 . 2012-01-18 21:12        --------        d-----w-        c:\program files (x86)\searchplugins
2012-01-18 21:12 . 2012-01-18 21:12        --------        d-----w-        c:\program files (x86)\hyphenation
2012-01-18 21:12 . 2012-01-18 21:12        --------        d-----w-        c:\program files (x86)\extensions
2012-01-18 21:12 . 2012-01-18 21:12        --------        d-----w-        c:\program files (x86)\defaults
2012-01-18 21:12 . 2012-01-18 21:12        --------        d-----w-        c:\program files (x86)\components
2012-01-18 21:12 . 2011-12-21 07:42        2124760        ----a-w-        c:\program files (x86)\mozjs.dll
2012-01-18 17:26 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB29BA2-E915-4783-85BC-39887E6EE9E4}\mpengine.dll
2012-01-18 15:15 . 2012-01-18 15:15        --------        d---a-w-        C:\.Trash-999
2012-01-17 10:50 . 2012-01-17 10:50        --------        d-----w-        c:\users\Stefan\AppData\Roaming\Avira
2012-01-17 10:30 . 2012-01-19 02:10        --------        d-----w-        c:\programdata\Panda Security
2012-01-17 10:30 . 2012-01-19 02:10        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2012-01-15 17:40 . 2011-12-21 04:29        626688        ----a-w-        c:\program files (x86)\msvcr80.dll
2012-01-15 17:40 . 2011-12-21 04:29        548864        ----a-w-        c:\program files (x86)\msvcp80.dll
2012-01-15 17:40 . 2011-12-21 04:29        479232        ----a-w-        c:\program files (x86)\msvcm80.dll
2012-01-15 17:40 . 2011-12-21 07:42        43992        ----a-w-        c:\program files (x86)\mozutils.dll
2012-01-15 14:17 . 2012-01-19 02:09        --------        d-----w-        c:\users\Stefan\AppData\Roaming\Malwarebytes
2012-01-15 14:17 . 2012-01-15 14:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-11 19:28 . 2012-01-11 19:28        --------        d-----w-        c:\users\Stefan\AppData\Roaming\GraphPad Software
2012-01-11 19:28 . 2012-01-11 19:28        --------        d-----w-        c:\programdata\GraphPad Software
2012-01-11 14:11 . 2011-10-26 05:22        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 14:11 . 2011-10-26 05:22        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 14:11 . 2011-11-17 07:14        1739160        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 14:11 . 2011-11-17 05:41        1292592        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-11 14:11 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 14:11 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-01 11:36 . 2012-01-01 11:36        --------        d--h--w-        c:\windows\system32\CanonIJ Uninstaller Information
2012-01-01 11:35 . 2010-08-25 04:00        87040        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPPAF.DLL
2012-01-01 11:35 . 2010-08-25 04:00        28672        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPDAF.DLL
2012-01-01 11:35 . 2010-08-25 04:00        361472        ----a-w-        c:\windows\system32\CNMLMAF.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 07:42 . 2010-08-26 15:06        269272        ----a-w-        c:\program files (x86)\updater.exe
2011-12-21 07:42 . 2010-08-26 15:06        19928        ----a-w-        c:\program files (x86)\xpcom.dll
2011-12-21 07:42 . 2010-08-26 15:06        170968        ----a-w-        c:\program files (x86)\softokn3.dll
2011-12-21 07:42 . 2010-08-26 15:06        16096216        ----a-w-        c:\program files (x86)\xul.dll
2011-12-21 07:42 . 2010-08-26 15:06        154584        ----a-w-        c:\program files (x86)\ssl3.dll
2011-12-21 07:42 . 2010-08-26 15:06        646104        ----a-w-        c:\program files (x86)\nss3.dll
2011-12-21 07:42 . 2010-08-26 15:06        371672        ----a-w-        c:\program files (x86)\nssckbi.dll
2011-12-21 07:42 . 2010-08-26 15:06        21976        ----a-w-        c:\program files (x86)\plc4.dll
2011-12-21 07:42 . 2010-08-26 15:06        20440        ----a-w-        c:\program files (x86)\plds4.dll
2011-12-21 07:42 . 2010-08-26 15:06        16856        ----a-w-        c:\program files (x86)\plugin-container.exe
2011-12-21 07:42 . 2010-08-26 15:06        109528        ----a-w-        c:\program files (x86)\nssdbm3.dll
2011-12-21 07:42 . 2010-08-26 15:06        105432        ----a-w-        c:\program files (x86)\smime3.dll
2011-12-21 07:42 . 2010-08-26 15:06        105432        ----a-w-        c:\program files (x86)\nssutil3.dll
2011-12-21 07:42 . 2011-05-15 11:59        97240        ----a-w-        c:\program files (x86)\libEGL.dll
2011-12-21 07:42 . 2011-05-15 11:59        814040        ----a-w-        c:\program files (x86)\mozsqlite3.dll
2011-12-21 07:42 . 2011-05-15 11:59        486360        ----a-w-        c:\program files (x86)\libGLESv2.dll
2011-12-21 07:42 . 2011-05-15 11:59        15832        ----a-w-        c:\program files (x86)\mozalloc.dll
2011-12-21 07:42 . 2010-08-26 15:06        924632        ----a-w-        c:\program files (x86)\firefox.exe
2011-12-21 07:42 . 2010-08-26 15:06        269272        ----a-w-        c:\program files (x86)\freebl3.dll
2011-12-21 07:42 . 2010-08-26 15:06        19416        ----a-w-        c:\program files (x86)\AccessibleMarshal.dll
2011-12-21 07:42 . 2010-08-26 15:06        187352        ----a-w-        c:\program files (x86)\nspr4.dll
2011-12-21 07:42 . 2010-08-26 15:06        125912        ----a-w-        c:\program files (x86)\crashreporter.exe
2011-12-21 04:29 . 2011-07-14 13:08        2106216        ----a-w-        c:\program files (x86)\D3DCompiler_43.dll
2011-12-21 04:29 . 2011-07-14 13:08        1998168        ----a-w-        c:\program files (x86)\d3dx9_43.dll
2011-11-24 05:00 . 2011-12-14 18:16        3141632        ----a-w-        c:\windows\system32\win32k.sys
2011-11-05 05:26 . 2011-12-14 18:31        1197568        ----a-w-        c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 18:31        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 18:25        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 18:31        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 18:31        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 18:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 18:31        482816        ----a-w-        c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 18:31        386048        ----a-w-        c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 18:31        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 18:31        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 18:30        43520        ----a-w-        c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-12-18 2396160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-08 102400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-01-26 1029896]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [x]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-12-21 637192]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-01-25 4154120]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-17 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 23004002
*Deregistered* - 23004002
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9645088]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-08 413720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 141.53.9.12
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\otw7mp5f.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-19  13:55:18
ComboFix-quarantined-files.txt  2012-01-19 12:55
.
Vor Suchlauf: 12 Verzeichnis(se), 194.699.354.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 194.574.802.944 Bytes frei
.
- - End Of File - - C10F8BD067D3DF0B3D4BC54FFF9F9E44

cosinus 19.01.2012 16:33
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

GutenTag 19.01.2012 17:01
Hier ist der log

Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 16:55:25
-----------------------------
16:55:25.796    OS Version: Windows x64 6.1.7600
16:55:25.796    Number of processors: 4 586 0x2502
16:55:25.796    ComputerName: STEFAN-MSI  UserName: Stefan
16:55:26.794    Initialize success
16:57:10.019    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:57:10.019    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
16:57:10.035    Disk 0 MBR read successfully
16:57:10.050    Disk 0 MBR scan
16:57:10.050    Disk 0 Windows 7 default MBR code
16:57:10.066    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
16:57:10.081    Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS          100 MB offset 25167872
16:57:10.097    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      279959 MB offset 25372672
16:57:10.128    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      184591 MB offset 598728704
16:57:10.144    Service scanning
16:57:11.283    Modules scanning
16:57:11.283    Disk 0 trace - called modules:
16:57:11.314    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:57:11.329    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83060]
16:57:11.329    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004982050]
16:57:11.345    Scan finished successfully
16:57:24.449    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
16:57:24.449    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"
Wie sieht es denn aus bisher? Haben wir schon was erreicht, besteht Hoffnung?

Übrigens hatte sich vor dem scan das "system control center" (oder so ähnlich) gemeldet das es nicht richtig funktioniert und beendet werden muss....

EDIT: Avira lässt sich ja wie beschrieben nicht mehr einschalten, daher bin ich momentan ohne virenprogramm unterwegs (allerdings nutze ich nur eure seite (+die links)), soll ich mir avira neu runterladen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:31 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131