Trojaner-Board

security center, Attention! Your Windows system has been blocked! (https://www.trojaner-board.de/109095-security-center-achtung-windows-system-wurde-blockiert.html)

WinniPu 05.02.2012 23:29

OTL Logfile:
Code:

OTL logfile created on: 2/5/2012 11:05:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 68.13% Memory free
11.96 Gb Paging File | 10.05 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230.00 Gb Total Space | 186.47 Gb Free Space | 81.07% Space Free | Partition Type: NTFS
Drive D: | 342.72 Gb Total Space | 342.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/02/04 21:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012/01/31 11:55:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/14 11:15:38 | 004,394,576 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/04 14:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/12/23 07:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/29 06:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/13 14:54:17 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/03 18:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 08:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 06:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/23 08:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/07 03:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/07/19 11:48:48 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011/12/30 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mystart.incredibar.com/mb106/?loc=IB_DS&search={searchTerms}&a=6OyoimFOtT&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: WordCaptureX (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf\1.1_0\npWCX.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Word CaptureX Extension = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf\1.1_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dili\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Dili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C0E64D-360D-4D56-84F1-0AA53B1216EF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E420E3BF-C2A1-4233-BA32-746E24431A49}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{FA4C90A6-7213-410D-AADF-2F0507F55045} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/05 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\OTL
[2012/02/05 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{974CE093-3FB8-4559-B5AF-BF04A264FAF4}
[2012/02/05 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{603EC209-0572-4D37-82F6-A9BF2BC4FEF4}
[2012/02/05 20:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/05 19:58:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012/02/05 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/05 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/05 19:58:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/05 19:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/05 16:03:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C2706F2F-D5B1-471E-8381-0ACE2F5DCE60}
[2012/02/05 10:53:01 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/05 10:53:01 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/05 10:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/05 10:53:00 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/05 10:53:00 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/05 10:53:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/05 10:52:59 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/05 10:52:59 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/05 10:52:56 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/05 10:52:56 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/05 10:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/05 10:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/05 00:19:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C917401B-FF35-4180-A61E-0D635F8B7EC8}
[2012/02/05 00:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DA98C607-864A-4333-9B32-05B27B417597}
[2012/02/05 00:18:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{31006D15-BEBC-4F6A-9F1A-900F1F4E81BF}
[2012/02/05 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0E94DB12-E511-47E8-AABC-E0092E42D113}
[2012/02/05 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CA4595BD-D46C-49FC-A035-A236383E94DB}
[2012/02/05 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A7CEAD97-76B8-455A-AF6D-DAA501A95DDA}
[2012/02/05 00:09:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics
[2012/02/04 21:43:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dili\Desktop\OTL.exe
[2012/02/04 10:02:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F19DCD4A-E5F8-46CB-9042-8D2A2DF71AAA}
[2012/02/04 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BED532B8-F6CD-4D8E-93F6-773CE1412C15}
[2012/02/03 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4C4A1B77-0465-4BA7-9409-A526711CEE2E}
[2012/02/03 21:11:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9DF6EEF0-B21F-40D7-882F-669AE0C68F66}
[2012/02/03 09:08:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EAD588B2-C4B4-44A3-9B11-9B5F91232677}
[2012/02/03 09:07:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1047015F-7B3C-440F-A86B-6EFAB488F535}
[2012/02/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2543112A-001C-4EAD-A084-52E0D72BE716}
[2012/02/02 09:44:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{07663686-D829-42A2-BF17-6CFC5E9C3CDA}
[2012/02/01 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BA40CEF3-9797-45C0-BBCC-FEA3FD0087AC}
[2012/02/01 16:45:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F53794CB-2CFB-4978-A465-F42528528E88}
[2012/01/31 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C30C71A0-C78D-4EFC-8059-6F7D8A3E00F0}
[2012/01/31 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E19AC6A5-4B2D-4021-9ECA-017D2BA3A499}
[2012/01/31 12:21:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/31 12:07:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/31 09:55:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D19DF3AE-3BF4-4F1F-B983-EDCA460A1C2A}
[2012/01/31 09:54:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{41EB946B-970F-4CC7-921E-A844510D5373}
[2012/01/30 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7150AB69-4CF8-495E-BD70-81666CB1B661}
[2012/01/30 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F4CC09E3-E672-404C-AF04-049EB12138C8}
[2012/01/30 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B0C62E39-74D0-46DD-8884-0464D71F2CDD}
[2012/01/30 09:48:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E6E38B22-21E2-4801-B2B2-39ED6FB40666}
[2012/01/29 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B9943416-EEE7-464C-AA80-08E360596710}
[2012/01/29 11:15:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2016D2F8-FC38-454A-A6E1-F8F5F585C1FE}
[2012/01/28 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A8759D86-BACA-4F58-8059-92D324539BA6}
[2012/01/28 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2253B5AB-6386-42BE-9C44-6F622FCD8F04}
[2012/01/28 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A6F8B7CE-8B9D-43CA-A152-13C6ADBA6A05}
[2012/01/28 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FCD8D079-23E3-4E0B-97C4-03C7E71A6EC4}
[2012/01/27 22:03:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{764ECA08-D574-48D3-901E-A5637A238547}
[2012/01/27 22:02:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B7468B65-F6CA-4A52-9098-7AAF643C9282}
[2012/01/27 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FDE71007-1A9D-473E-98FF-6911ABD49CF9}
[2012/01/27 09:55:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2CF108C9-0B4D-48E0-BB61-B50894979D9A}
[2012/01/26 21:52:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E14F7AE7-8623-4BB1-BBEC-04922ADAECDA}
[2012/01/26 21:52:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F7BDDEBA-776D-467D-B7DE-9B269EE601D8}
[2012/01/26 09:49:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{701411CC-4BFC-4B25-B3B8-66836314FA5A}
[2012/01/26 09:48:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{495AE020-2906-4655-8611-F2FFEE1FBC5E}
[2012/01/25 11:00:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{156E820C-2F70-4B60-A8CF-6163324CB41D}
[2012/01/25 11:00:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{927A2C1A-C8B1-49DC-AF73-860867F50954}
[2012/01/24 22:58:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{25B338A9-E53C-48A2-A10C-9E1E0D0B198C}
[2012/01/24 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{093425A6-1194-4481-8141-A09B7E2CDC12}
[2012/01/24 10:53:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{71FD3096-B865-45A1-B4A3-0B55749176EE}
[2012/01/24 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9DD2A916-F57D-4B79-816A-E4961F5EDB95}
[2012/01/23 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F37E81AA-A973-4B38-BC65-19264EC043BA}
[2012/01/23 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DAD533B5-E281-45DA-BB5F-FA0A91A34AEC}
[2012/01/22 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E52F42CD-4C79-4533-967C-30901A0AC4FF}
[2012/01/22 12:15:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6567CF41-FF2A-407B-A691-26D36B0E2F4F}
[2012/01/21 22:20:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4A8635B0-CD0C-46BD-8015-34DCF512D1A9}
[2012/01/21 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{685E8AB2-EAA8-4288-9637-7C3565ED370E}
[2012/01/13 21:09:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5B5D6635-AC76-4032-AADE-27ACBB194C3B}
[2012/01/13 21:08:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{04E91324-39FC-46BA-925D-DCFA5B8C5E0F}
[2012/01/11 23:50:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B79AA0B9-76CD-49AF-BA83-2558E9100333}
[2012/01/11 23:50:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B4A8A7D5-8729-439C-B26E-F2E807B05C9B}
[2012/01/09 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FEA48460-8AE5-474B-BC13-17693275D8AF}
[2012/01/08 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9D9AC064-560B-47EB-84CC-AEB1746D1130}
[2012/01/08 12:18:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{320193C3-E005-4E21-8533-462B669D4BBF}
[2012/01/07 15:18:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0F161CD7-9C1D-41D7-89AC-348D10998963}
[2012/01/07 15:18:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A64FEAE6-47D8-4431-BEB0-2D961D2E77EE}
[2012/01/07 00:19:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C800BE1A-4D59-4763-8B5C-7566D0FCB060}
[2012/01/07 00:18:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{762AEF5A-B9FE-45F2-89DF-50BCD0DA22A4}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/05 22:45:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 22:13:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000UA.job
[2012/02/05 22:13:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000Core.job
[2012/02/05 21:26:59 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 21:26:59 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 21:25:55 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/05 21:25:55 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/02/05 21:25:55 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/05 21:25:55 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/02/05 21:25:55 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/05 21:19:28 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 21:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 21:18:55 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 20:32:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 11:47:00 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/05 10:52:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/04 21:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dili\Desktop\OTL.exe
[2012/02/01 09:09:42 | 000,302,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/26 10:09:16 | 000,002,391 | ---- | M] () -- C:\Users\****\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/05 19:58:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 10:53:02 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/05 10:52:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/16 22:12:38 | 000,003,677 | ---- | C] () -- C:\Users\****\AppData\Roaming\Sys2657a.DLL
[2011/09/19 16:11:18 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 06:52:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 06:36:45 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/03/18 01:56:15 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011/03/18 00:22:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/03/18 00:10:01 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/12/29 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2012/02/05 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011/10/13 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011/11/02 13:42:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012/01/09 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011/12/17 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TippKönigin Demo
[2012/01/13 22:07:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\toolplugin
[2011/09/19 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011/10/20 17:54:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer
[2012/02/03 09:06:54 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/17 17:04:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011/11/02 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011/12/29 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2011/12/22 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CyberLink
[2011/12/29 22:39:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX
[2011/10/17 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Google
[2012/02/05 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011/09/19 13:35:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2011/09/19 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012/02/05 19:58:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011/03/18 06:57:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2011/12/12 23:34:55 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011/11/01 14:17:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2011/10/13 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011/11/02 13:42:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2012/01/09 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011/12/17 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TippKönigin Demo
[2012/01/13 22:07:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\toolplugin
[2011/09/19 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011/12/30 19:19:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2011/10/20 17:54:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 06:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---
[/code]

WinniPu 05.02.2012 23:50

That's done for now ;)...
On the surface it does look fine...
Many thanks for that for now!
Best regards,
Julia

cosinus 05.02.2012 23:51

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - No CLSID value found
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb106/?loc=IB_DS&search={searchTerms}&a=6OyoimFOtT&i=26
CHR - default_search_provider: suggest_url =
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dili\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
:Files
C:\Users\****\AppData\Roaming\Babylon
C:\Users\****\AppData\Roaming\Sys2657a.DLL
C:\Users\****\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

WinniPu 06.02.2012 00:03

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328ECD19-C167-40eb-A0C7-16FE7634105E}\ not found.
C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll moved successfully.
========== FILES ==========
File\Folder C:\Users****\AppData\Roaming\Babylon not found.
C:\Users\Dili\AppData\Roaming\Sys2657a.DLL moved successfully.
File\Folder C:\Users****\AppData\Local\{* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ****
->Temp folder emptied: 34784465 bytes
->Temporary Internet Files folder emptied: 988286 bytes
->Java cache emptied: 5523680 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 7020542 bytes
->Flash cache emptied: 495 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28656 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 46.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02052012_235645

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V2DNJXR\background_button_green_full[1].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 06.02.2012 00:08

Quote:

File\Folder C:\Users****\AppData\Local\{* not found.
You edited that back incorrectly!

The path should read like this! C:\Users\USERNAME\AppData\Local\{*

You must change USERNAME to your real one, and you must leave the asterisk at the end as it is.

Run the fix again with this script, but edited back correctly!

Code:

:Files
C:\Users\****\AppData\Roaming\Babylon
C:\Users\****\AppData\Local\{*


WinniPu 06.02.2012 00:30

Code:

========== FILES ==========
C:\Users\*\AppData\Roaming\Babylon folder moved successfully.
C:\Users\*\AppData\Local\{E14F7AE7-8623-4BB1-BBEC-04922ADAECDA} folder moved successfully.
C:\Users\*\AppData\Local\{E19AC6A5-4B2D-4021-9ECA-017D2BA3A499} folder moved successfully.
C:\Users\*\AppData\Local\{E293DADC-E1C0-4CB0-9759-4099BBB6C7AB} folder moved successfully.
C:\Users\*\AppData\Local\{E4B6CA82-DC61-4F70-A0BB-94F0E03522AA} folder moved successfully.
C:\Users\*\AppData\Local\{E4EC9BFB-F841-4995-A3EB-FEB81398A04E} folder moved successfully.
C:\Users\*\AppData\Local\{E52F42CD-4C79-4533-967C-30901A0AC4FF} folder moved successfully.
C:\Users\*\AppData\Local\{E6E38B22-21E2-4801-B2B2-39ED6FB40666} folder moved successfully.
C:\Users\*\AppData\Local\{E800F748-4999-431D-8E37-4098B633B9FA} folder moved successfully.
C:\Users\*\AppData\Local\{EA0C7B1A-B5E2-4595-9037-732639C7D9E3} folder moved successfully.
C:\Users\*\AppData\Local\{EAD588B2-C4B4-44A3-9B11-9B5F91232677} folder moved successfully.
C:\Users\*\AppData\Local\{EEB2F9CC-218F-40ED-8218-80D921E69DBB} folder moved successfully.
C:\Users\*\AppData\Local\{EF3EC1DF-43F3-4FE5-8815-9F04D9B0C58D} folder moved successfully.
C:\Users\*\AppData\Local\{F0970BA3-B042-4BB7-B40A-6FDD00CA8E05} folder moved successfully.
C:\Users\*\AppData\Local\{F19DCD4A-E5F8-46CB-9042-8D2A2DF71AAA} folder moved successfully.
C:\Users\*\AppData\Local\{F37E81AA-A973-4B38-BC65-19264EC043BA} folder moved successfully.
C:\Users\*\AppData\Local\{F4B578A9-BF03-4457-BB18-4C2020DE030F} folder moved successfully.
C:\Users\*\AppData\Local\{F4CC09E3-E672-404C-AF04-049EB12138C8} folder moved successfully.
C:\Users\*\AppData\Local\{F53794CB-2CFB-4978-A465-F42528528E88} folder moved successfully.
C:\Users\*\AppData\Local\{F62D19E2-E438-4510-BF5D-63499CF91062} folder moved successfully.
C:\Users\*\AppData\Local\{F637B59E-4346-40BC-98FD-A1F20784304F} folder moved successfully.
C:\Users\*\AppData\Local\{F6FFF00D-DFFE-4B66-831A-4F725077B812} folder moved successfully.
C:\Users\*\AppData\Local\{F7629647-4A3C-4A46-BBFB-9BDC742A94DE} folder moved successfully.
C:\Users\*\AppData\Local\{F7BC8099-259C-4E6F-BC11-1CA432864380} folder moved successfully.
C:\Users\*\AppData\Local\{F7BDDEBA-776D-467D-B7DE-9B269EE601D8} folder moved successfully.
C:\Users\*\AppData\Local\{F7D60BC7-E10B-41E5-86E8-E2CC425DE298} folder moved successfully.
C:\Users\*\AppData\Local\{FB53635C-B2F3-4C6D-B539-4CCE389DC1B8} folder moved successfully.
C:\Users\*\AppData\Local\{FCB239F4-D4E8-403B-AB38-6D427727AC57} folder moved successfully.
C:\Users\*\AppData\Local\{FCD8D079-23E3-4E0B-97C4-03C7E71A6EC4} folder moved successfully.
C:\Users\*\AppData\Local\{FDE71007-1A9D-473E-98FF-6911ABD49CF9} folder moved successfully.
C:\Users\*\AppData\Local\{FEA48460-8AE5-474B-BC13-17693275D8AF} folder moved successfully.
 
OTL by OldTimer - Version 3.2.31.0 log created on 02062012_001350


WinniPu 06.02.2012 00:43

Now I'm curious to see how stupidly I went about this ;(

cosinus 06.02.2012 09:18

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

WinniPu 06.02.2012 10:12

Code:

10:07:02.0315 2624        TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
10:07:02.0465 2624        ============================================================
10:07:02.0465 2624        Current date / time: 2012/02/06 10:07:02.0465
10:07:02.0465 2624        SystemInfo:
10:07:02.0465 2624       
10:07:02.0465 2624        OS Version: 6.1.7601 ServicePack: 1.0
10:07:02.0465 2624        Product type: Workstation
10:07:02.0465 2624        ComputerName: ****-PC
10:07:02.0465 2624        UserName: ****
10:07:02.0465 2624        Windows directory: C:\Windows
10:07:02.0465 2624        System windows directory: C:\Windows
10:07:02.0465 2624        Running under WOW64
10:07:02.0465 2624        Processor architecture: Intel x64
10:07:02.0465 2624        Number of processors: 4
10:07:02.0465 2624        Page size: 0x1000
10:07:02.0465 2624        Boot type: Normal boot
10:07:02.0465 2624        ============================================================
10:07:03.0405 2624        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:07:03.0415 2624        \Device\Harddisk0\DR0:
10:07:03.0425 2624        MBR used
10:07:03.0425 2624        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:07:03.0425 2624        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CC00000
10:07:03.0445 2624        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2AD71000
10:07:03.0627 2624        Initialize success
10:07:03.0627 2624        ============================================================
10:08:09.0212 4876        ============================================================
10:08:09.0212 4876        Scan started
10:08:09.0212 4876        Mode: Manual; SigCheck; TDLFS;
10:08:09.0212 4876        ============================================================
10:08:09.0555 4876        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:08:09.0758 4876        1394ohci - ok
10:08:09.0883 4876        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:08:09.0929 4876        ACPI - ok
10:08:10.0007 4876        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:08:10.0085 4876        AcpiPmi - ok
10:08:10.0163 4876        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:08:10.0210 4876        adp94xx - ok
10:08:10.0241 4876        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:08:10.0288 4876        adpahci - ok
10:08:10.0304 4876        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:08:10.0335 4876        adpu320 - ok
10:08:10.0397 4876        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:08:10.0460 4876        AFD - ok
10:08:10.0507 4876        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:08:10.0538 4876        agp440 - ok
10:08:10.0585 4876        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:08:10.0616 4876        aliide - ok
10:08:10.0616 4876        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:08:10.0647 4876        amdide - ok
10:08:10.0678 4876        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:08:10.0725 4876        AmdK8 - ok
10:08:10.0741 4876        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:08:10.0803 4876        AmdPPM - ok
10:08:10.0834 4876        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:08:10.0865 4876        amdsata - ok
10:08:10.0881 4876        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:08:10.0912 4876        amdsbs - ok
10:08:10.0928 4876        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:08:10.0959 4876        amdxata - ok
10:08:11.0037 4876        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:08:11.0146 4876        AppID - ok
10:08:11.0177 4876        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:08:11.0209 4876        arc - ok
10:08:11.0240 4876        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:08:11.0271 4876        arcsas - ok
10:08:11.0302 4876        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
10:08:11.0380 4876        aswFsBlk - ok
10:08:11.0411 4876        aswMonFlt      (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
10:08:11.0427 4876        aswMonFlt - ok
10:08:11.0458 4876        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
10:08:11.0474 4876        aswRdr - ok
10:08:11.0521 4876        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
10:08:11.0567 4876        aswSnx - ok
10:08:11.0583 4876        aswSP          (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
10:08:11.0614 4876        aswSP - ok
10:08:11.0630 4876        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
10:08:11.0645 4876        aswTdi - ok
10:08:11.0692 4876        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:08:11.0817 4876        AsyncMac - ok
10:08:11.0895 4876        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:08:11.0926 4876        atapi - ok
10:08:12.0004 4876        athr            (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
10:08:12.0145 4876        athr - ok
10:08:12.0332 4876        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:08:12.0410 4876        b06bdrv - ok
10:08:12.0457 4876        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:08:12.0488 4876        b57nd60a - ok
10:08:12.0535 4876        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:08:12.0644 4876        Beep - ok
10:08:12.0691 4876        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:08:12.0706 4876        blbdrive - ok
10:08:12.0753 4876        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:08:12.0815 4876        bowser - ok
10:08:12.0862 4876        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:08:12.0909 4876        BrFiltLo - ok
10:08:12.0940 4876        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:08:13.0003 4876        BrFiltUp - ok
10:08:13.0049 4876        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:08:13.0112 4876        Brserid - ok
10:08:13.0127 4876        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:08:13.0174 4876        BrSerWdm - ok
10:08:13.0190 4876        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:08:13.0237 4876        BrUsbMdm - ok
10:08:13.0252 4876        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:08:13.0283 4876        BrUsbSer - ok
10:08:13.0346 4876        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:08:13.0408 4876        BthEnum - ok
10:08:13.0439 4876        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:08:13.0486 4876        BTHMODEM - ok
10:08:13.0517 4876        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:08:13.0580 4876        BthPan - ok
10:08:13.0627 4876        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:08:13.0689 4876        BTHPORT - ok
10:08:13.0736 4876        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:08:13.0814 4876        BTHUSB - ok
10:08:13.0876 4876        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:08:13.0954 4876        cdfs - ok
10:08:14.0032 4876        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:08:14.0110 4876        cdrom - ok
10:08:14.0126 4876        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:08:14.0188 4876        circlass - ok
10:08:14.0235 4876        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:08:14.0266 4876        CLFS - ok
10:08:14.0360 4876        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:08:14.0375 4876        clwvd - ok
10:08:14.0438 4876        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:08:14.0469 4876        CmBatt - ok
10:08:14.0531 4876        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:08:14.0563 4876        cmdide - ok
10:08:14.0594 4876        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:08:14.0656 4876        CNG - ok
10:08:14.0687 4876        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:08:14.0703 4876        Compbatt - ok
10:08:14.0734 4876        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:08:14.0765 4876        CompositeBus - ok
10:08:14.0890 4876        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:08:14.0906 4876        crcdisk - ok
10:08:15.0046 4876        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:08:15.0140 4876        DfsC - ok
10:08:15.0187 4876        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:08:15.0296 4876        discache - ok
10:08:15.0311 4876        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:08:15.0343 4876        Disk - ok
10:08:15.0389 4876        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:08:15.0436 4876        drmkaud - ok
10:08:15.0499 4876        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:08:15.0545 4876        DXGKrnl - ok
10:08:15.0655 4876        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:08:15.0842 4876        ebdrv - ok
10:08:15.0982 4876        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:08:16.0029 4876        elxstor - ok
10:08:16.0060 4876        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:08:16.0123 4876        ErrDev - ok
10:08:16.0154 4876        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:08:16.0263 4876        exfat - ok
10:08:16.0279 4876        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:08:16.0372 4876        fastfat - ok
10:08:16.0403 4876        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:08:16.0435 4876        fdc - ok
10:08:16.0466 4876        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:08:16.0497 4876        FileInfo - ok
10:08:16.0513 4876        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:08:16.0637 4876        Filetrace - ok
10:08:16.0653 4876        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:16.0684 4876        flpydisk - ok
10:08:16.0762 4876        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:08:16.0793 4876        FltMgr - ok
10:08:16.0840 4876        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:08:16.0856 4876        FsDepends - ok
10:08:16.0918 4876        fssfltr        (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
10:08:16.0949 4876        fssfltr - ok
10:08:16.0981 4876        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:08:16.0996 4876        Fs_Rec - ok
10:08:17.0043 4876        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:08:17.0090 4876        fvevol - ok
10:08:17.0121 4876        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:08:17.0152 4876        gagp30kx - ok
10:08:17.0230 4876        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:08:17.0277 4876        hcw85cir - ok
10:08:17.0308 4876        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:08:17.0355 4876        HdAudAddService - ok
10:08:17.0386 4876        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:08:17.0449 4876        HDAudBus - ok
10:08:17.0464 4876        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:08:17.0511 4876        HidBatt - ok
10:08:17.0542 4876        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:08:17.0589 4876        HidBth - ok
10:08:17.0620 4876        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:08:17.0667 4876        HidIr - ok
10:08:17.0729 4876        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:08:17.0776 4876        HidUsb - ok
10:08:17.0807 4876        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:08:17.0839 4876        HpSAMD - ok
10:08:17.0885 4876        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:08:17.0995 4876        HTTP - ok
10:08:18.0026 4876        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:08:18.0057 4876        hwpolicy - ok
10:08:18.0119 4876        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:08:18.0151 4876        i8042prt - ok
10:08:18.0197 4876        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
10:08:18.0229 4876        iaStor - ok
10:08:18.0275 4876        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:08:18.0307 4876        iaStorV - ok
10:08:18.0494 4876        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:08:18.0743 4876        igfx - ok
10:08:18.0837 4876        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:08:18.0868 4876        iirsp - ok
10:08:18.0993 4876        IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\Windows\system32\drivers\RTKVHD64.sys
10:08:19.0102 4876        IntcAzAudAddService - ok
10:08:19.0211 4876        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:08:19.0243 4876        intelide - ok
10:08:19.0274 4876        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:08:19.0321 4876        intelppm - ok
10:08:19.0383 4876        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:19.0477 4876        IpFilterDriver - ok
10:08:19.0508 4876        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:08:19.0555 4876        IPMIDRV - ok
10:08:19.0570 4876        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:08:19.0664 4876        IPNAT - ok
10:08:19.0695 4876        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:08:19.0742 4876        IRENUM - ok
10:08:19.0773 4876        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:08:19.0789 4876        isapnp - ok
10:08:19.0804 4876        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:08:19.0835 4876        iScsiPrt - ok
10:08:19.0882 4876        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:08:19.0913 4876        kbdclass - ok
10:08:19.0960 4876        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:08:19.0991 4876        kbdhid - ok
10:08:20.0038 4876        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:08:20.0069 4876        KSecDD - ok
10:08:20.0101 4876        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:08:20.0132 4876        KSecPkg - ok
10:08:20.0163 4876        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:08:20.0257 4876        ksthunk - ok
10:08:20.0303 4876        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:08:20.0397 4876        lltdio - ok
10:08:20.0459 4876        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:20.0475 4876        LSI_FC - ok
10:08:20.0491 4876        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:20.0522 4876        LSI_SAS - ok
10:08:20.0522 4876        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:20.0553 4876        LSI_SAS2 - ok
10:08:20.0569 4876        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:20.0600 4876        LSI_SCSI - ok
10:08:20.0615 4876        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:08:20.0709 4876        luafv - ok
10:08:20.0756 4876        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:08:20.0771 4876        megasas - ok
10:08:20.0803 4876        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:20.0834 4876        MegaSR - ok
10:08:20.0865 4876        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:08:20.0896 4876        MEIx64 - ok
10:08:20.0912 4876        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:08:21.0021 4876        Modem - ok
10:08:21.0052 4876        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:08:21.0099 4876        monitor - ok
10:08:21.0130 4876        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:08:21.0161 4876        mouclass - ok
10:08:21.0193 4876        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:08:21.0239 4876        mouhid - ok
10:08:21.0286 4876        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:08:21.0317 4876        mountmgr - ok
10:08:21.0349 4876        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:08:21.0364 4876        mpio - ok
10:08:21.0395 4876        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:08:21.0489 4876        mpsdrv - ok
10:08:21.0520 4876        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:08:21.0583 4876        MRxDAV - ok
10:08:21.0614 4876        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:21.0661 4876        mrxsmb - ok
10:08:21.0739 4876        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:21.0801 4876        mrxsmb10 - ok
10:08:21.0848 4876        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:21.0895 4876        mrxsmb20 - ok
10:08:21.0926 4876        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:08:21.0941 4876        msahci - ok
10:08:22.0004 4876        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:08:22.0035 4876        msdsm - ok
10:08:22.0066 4876        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:08:22.0207 4876        Msfs - ok
10:08:22.0222 4876        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:08:22.0316 4876        mshidkmdf - ok
10:08:22.0347 4876        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:08:22.0378 4876        msisadrv - ok
10:08:22.0425 4876        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:08:22.0519 4876        MSKSSRV - ok
10:08:22.0534 4876        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:22.0628 4876        MSPCLOCK - ok
10:08:22.0643 4876        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:08:22.0721 4876        MSPQM - ok
10:08:22.0768 4876        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:08:22.0799 4876        MsRPC - ok
10:08:22.0831 4876        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:08:22.0846 4876        mssmbios - ok
10:08:22.0877 4876        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:08:22.0971 4876        MSTEE - ok
10:08:22.0987 4876        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:23.0018 4876        MTConfig - ok
10:08:23.0033 4876        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:08:23.0065 4876        Mup - ok
10:08:23.0111 4876        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:08:23.0174 4876        NativeWifiP - ok
10:08:23.0252 4876        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
10:08:23.0314 4876        NDIS - ok
10:08:23.0423 4876        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:23.0533 4876        NdisCap - ok
10:08:23.0564 4876        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:23.0673 4876        NdisTapi - ok
10:08:23.0704 4876        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:23.0798 4876        Ndisuio - ok
10:08:23.0829 4876        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:23.0907 4876        NdisWan - ok
10:08:23.0954 4876        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:08:24.0047 4876        NDProxy - ok
10:08:24.0079 4876        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:08:24.0188 4876        NetBIOS - ok
10:08:24.0219 4876        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:08:24.0297 4876        NetBT - ok
10:08:24.0344 4876        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:08:24.0375 4876        nfrd960 - ok
10:08:24.0375 4876        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:08:24.0453 4876        Npfs - ok
10:08:24.0469 4876        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:08:24.0562 4876        nsiproxy - ok
10:08:24.0640 4876        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:08:24.0718 4876        Ntfs - ok
10:08:24.0749 4876        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:08:24.0843 4876        Null - ok
10:08:24.0905 4876        NVHDA          (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
10:08:24.0937 4876        NVHDA - ok
10:08:25.0264 4876        nvlddmkm        (e4c35efde340f3a18123ae85104b2b82) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:08:25.0685 4876        nvlddmkm - ok
10:08:25.0826 4876        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:08:25.0857 4876        nvraid - ok
10:08:25.0888 4876        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:08:25.0904 4876        nvstor - ok
10:08:25.0966 4876        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:08:25.0982 4876        nv_agp - ok
10:08:25.0997 4876        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:08:26.0060 4876        ohci1394 - ok
10:08:26.0138 4876        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:08:26.0185 4876        Parport - ok
10:08:26.0216 4876        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:08:26.0247 4876        partmgr - ok
10:08:26.0278 4876        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:08:26.0309 4876        pci - ok
10:08:26.0325 4876        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:08:26.0356 4876        pciide - ok
10:08:26.0372 4876        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:08:26.0403 4876        pcmcia - ok
10:08:26.0434 4876        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:08:26.0450 4876        pcw - ok
10:08:26.0497 4876        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:08:26.0621 4876        PEAUTH - ok
10:08:26.0715 4876        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:08:26.0809 4876        PptpMiniport - ok
10:08:26.0840 4876        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:08:26.0871 4876        Processor - ok
10:08:26.0918 4876        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:08:27.0027 4876        Psched - ok
10:08:27.0089 4876        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:08:27.0167 4876        ql2300 - ok
10:08:27.0183 4876        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:08:27.0199 4876        ql40xx - ok
10:08:27.0230 4876        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:08:27.0277 4876        QWAVEdrv - ok
10:08:27.0292 4876        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:08:27.0401 4876        RasAcd - ok
10:08:27.0448 4876        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:08:27.0542 4876        RasAgileVpn - ok
10:08:27.0573 4876        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:08:27.0667 4876        Rasl2tp - ok
10:08:27.0698 4876        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:08:27.0807 4876        RasPppoe - ok
10:08:27.0838 4876        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:08:27.0916 4876        RasSstp - ok
10:08:27.0963 4876        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:08:28.0072 4876        rdbss - ok
10:08:28.0088 4876        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:08:28.0150 4876        rdpbus - ok
10:08:28.0166 4876        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:08:28.0259 4876        RDPCDD - ok
10:08:28.0322 4876        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:08:28.0415 4876        RDPENCDD - ok
10:08:28.0431 4876        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:08:28.0540 4876        RDPREFMP - ok
10:08:28.0603 4876        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:08:28.0727 4876        RDPWD - ok
10:08:28.0837 4876        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:08:28.0883 4876        rdyboost - ok
10:08:28.0930 4876        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:08:28.0977 4876        RFCOMM - ok
10:08:29.0039 4876        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:08:29.0133 4876        rspndr - ok
10:08:29.0180 4876        RTL8167        (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:08:29.0211 4876        RTL8167 - ok
10:08:29.0320 4876        rtport          (4ca0dba9e224473d664c25e411f5a3bd) C:\Windows\SysWOW64\drivers\rtport.sys
10:08:29.0351 4876        rtport - ok
10:08:29.0445 4876        SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
10:08:29.0492 4876        SABI - ok
10:08:29.0554 4876        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:08:29.0585 4876        sbp2port - ok
10:08:29.0601 4876        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:08:29.0679 4876        scfilter - ok
10:08:29.0741 4876        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:08:29.0835 4876        secdrv - ok
10:08:29.0913 4876        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:08:29.0960 4876        Serenum - ok
10:08:29.0975 4876        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:08:30.0022 4876        Serial - ok
10:08:30.0069 4876        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:08:30.0116 4876        sermouse - ok
10:08:30.0147 4876        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:08:30.0194 4876        sffdisk - ok
10:08:30.0209 4876        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:08:30.0241 4876        sffp_mmc - ok
10:08:30.0272 4876        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:08:30.0319 4876        sffp_sd - ok
10:08:30.0350 4876        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:08:30.0381 4876        sfloppy - ok
10:08:30.0428 4876        Sftfs          (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:08:30.0475 4876        Sftfs - ok
10:08:30.0506 4876        Sftplay        (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:08:30.0537 4876        Sftplay - ok
10:08:30.0553 4876        Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:08:30.0568 4876        Sftredir - ok
10:08:30.0584 4876        Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:08:30.0599 4876        Sftvol - ok
10:08:30.0662 4876        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:08:30.0693 4876        SiSRaid2 - ok
10:08:30.0693 4876        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:08:30.0724 4876        SiSRaid4 - ok
10:08:30.0755 4876        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:08:30.0865 4876        Smb - ok
10:08:30.0896 4876        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:08:30.0911 4876        spldr - ok
10:08:30.0958 4876        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:08:31.0021 4876        srv - ok
10:08:31.0052 4876        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:08:31.0099 4876        srv2 - ok
10:08:31.0130 4876        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:08:31.0177 4876        srvnet - ok
10:08:31.0223 4876        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:08:31.0255 4876        stexstor - ok
10:08:31.0301 4876        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:08:31.0348 4876        StillCam - ok
10:08:31.0395 4876        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:08:31.0411 4876        swenum - ok
10:08:31.0504 4876        SynTP          (f5b46df59feaa48a442aed7eeb754d4b) C:\Windows\system32\DRIVERS\SynTP.sys
10:08:31.0567 4876        SynTP - ok
10:08:31.0738 4876        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:08:31.0832 4876        Tcpip - ok
10:08:31.0988 4876        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:08:32.0081 4876        TCPIP6 - ok
10:08:32.0175 4876        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:08:32.0284 4876        tcpipreg - ok
10:08:32.0315 4876        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:08:32.0409 4876        TDPIPE - ok
10:08:32.0425 4876        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:08:32.0503 4876        TDTCP - ok
10:08:32.0534 4876        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:08:32.0612 4876        tdx - ok
10:08:32.0659 4876        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:08:32.0690 4876        TermDD - ok
10:08:32.0752 4876        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:32.0846 4876        tssecsrv - ok
10:08:32.0893 4876        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:08:32.0939 4876        TsUsbFlt - ok
10:08:33.0002 4876        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:08:33.0095 4876        tunnel - ok
10:08:33.0127 4876        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:08:33.0158 4876        uagp35 - ok
10:08:33.0205 4876        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:08:33.0298 4876        udfs - ok
10:08:33.0361 4876        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:08:33.0376 4876        uliagpkx - ok
10:08:33.0423 4876        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:08:33.0470 4876        umbus - ok
10:08:33.0501 4876        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:08:33.0548 4876        UmPass - ok
10:08:33.0595 4876        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:33.0626 4876        usbccgp - ok
10:08:33.0673 4876        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:08:33.0751 4876        usbcir - ok
10:08:33.0782 4876        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:08:33.0813 4876        usbehci - ok
10:08:33.0860 4876        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:08:33.0907 4876        usbhub - ok
10:08:33.0938 4876        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:08:33.0969 4876        usbohci - ok
10:08:34.0000 4876        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:08:34.0047 4876        usbprint - ok
10:08:34.0063 4876        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:08:34.0094 4876        USBSTOR - ok
10:08:34.0125 4876        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:08:34.0156 4876        usbuhci - ok
10:08:34.0219 4876        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:08:34.0265 4876        usbvideo - ok
10:08:34.0297 4876        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:08:34.0328 4876        vdrvroot - ok
10:08:34.0375 4876        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:34.0406 4876        vga - ok
10:08:34.0421 4876        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:08:34.0515 4876        VgaSave - ok
10:08:34.0531 4876        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:08:34.0562 4876        vhdmp - ok
10:08:34.0593 4876        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:08:34.0609 4876        viaide - ok
10:08:34.0640 4876        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:08:34.0655 4876        volmgr - ok
10:08:34.0702 4876        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:08:34.0749 4876        volmgrx - ok
10:08:34.0780 4876        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:08:34.0811 4876        volsnap - ok
10:08:34.0858 4876        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:34.0889 4876        vsmraid - ok
10:08:34.0936 4876        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:34.0967 4876        vwifibus - ok
10:08:35.0014 4876        vwififlt        (13a0decd1794de60a8427862c8669d27) C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:35.0061 4876        vwififlt - ok
10:08:35.0077 4876        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:08:35.0123 4876        WacomPen - ok
10:08:35.0155 4876        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:35.0264 4876        WANARP - ok
10:08:35.0264 4876        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:35.0342 4876        Wanarpv6 - ok
10:08:35.0404 4876        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:08:35.0435 4876        Wd - ok
10:08:35.0467 4876        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:08:35.0513 4876        Wdf01000 - ok
10:08:35.0576 4876        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:35.0654 4876        WfpLwf - ok
10:08:35.0669 4876        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:08:35.0701 4876        WIMMount - ok
10:08:35.0794 4876        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:08:35.0825 4876        WmiAcpi - ok
10:08:35.0872 4876        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:08:35.0950 4876        ws2ifsl - ok
10:08:35.0981 4876        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:08:36.0075 4876        WudfPf - ok
10:08:36.0122 4876        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:36.0215 4876        WUDFRd - ok
10:08:36.0262 4876        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
10:08:36.0683 4876        \Device\Harddisk0\DR0 - ok
10:08:36.0699 4876        Boot (0x1200)  (a71f9d4598d239d26ca108ec7b2813b3) \Device\Harddisk0\DR0\Partition0
10:08:36.0699 4876        \Device\Harddisk0\DR0\Partition0 - ok
10:08:36.0730 4876        Boot (0x1200)  (91d1f98eb7ad2d47b9092638b4221da1) \Device\Harddisk0\DR0\Partition1
10:08:36.0730 4876        \Device\Harddisk0\DR0\Partition1 - ok
10:08:36.0761 4876        Boot (0x1200)  (23e567bbcdd1ad8f008fa1f4cb3f023a) \Device\Harddisk0\DR0\Partition2
10:08:36.0761 4876        \Device\Harddisk0\DR0\Partition2 - ok
10:08:36.0761 4876        ============================================================
10:08:36.0761 4876        Scan finished
10:08:36.0761 4876        ============================================================
10:08:36.0793 4668        Detected object count: 0
10:08:36.0793 4668        Actual detected object count: 0


cosinus 06.02.2012 10:15

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

WinniPu 06.02.2012 10:19

Good morning Arene,
I can access Documents, Desktop and the Start menu without any problems!
Regards

WinniPu 06.02.2012 10:46

Combofix Logfile:
Code:

ComboFix 12-02-05.02 - Dili 06.02.2012  10:27:44.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6124.4653 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-06 bis 2012-02-06  ))))))))))))))))))))))))))))))
.
.
2012-02-06 09:37 . 2012-02-06 09:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-05 22:57 . 2012-02-05 22:57        --------        d-----w-        c:\windows\system32\%LOCALAPPDATA%
2012-02-05 22:51 . 2012-02-05 22:51        --------        d-----w-        C:\_OTL
2012-02-05 19:17 . 2012-02-05 19:17        --------        d-----w-        c:\program files (x86)\ESET
2012-02-05 18:58 . 2012-02-05 18:58        --------        d-----w-        c:\users\****\AppData\Roaming\Malwarebytes
2012-02-05 18:58 . 2012-02-05 18:58        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-05 18:58 . 2012-02-05 19:32        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 18:58 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-05 09:53 . 2011-11-28 17:53        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-02-05 09:53 . 2011-11-28 17:51        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 09:53 . 2011-11-28 17:54        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-02-05 09:53 . 2011-11-28 17:52        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-02-05 09:53 . 2011-11-28 17:52        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-02-05 09:52 . 2011-11-28 18:01        256960        ----a-w-        c:\windows\system32\aswBoot.exe
2012-02-05 09:52 . 2011-11-28 17:52        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 09:52 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr
2012-02-05 09:52 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-02-05 09:52 . 2012-02-05 09:52        --------        d-----w-        c:\programdata\AVAST Software
2012-02-05 09:52 . 2012-02-05 09:52        --------        d-----w-        c:\program files\AVAST Software
2012-02-04 23:09 . 2012-02-04 23:09        --------        d-----w-        c:\users\****\AppData\Local\ElevatedDiagnostics
2012-02-03 08:31 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8360838-2F36-4AFF-B592-ED7CCC89B2A5}\mpengine.dll
2012-01-31 11:21 . 2012-01-31 11:21        --------        d-----w-        c:\windows\system32\SPReview
2012-01-31 11:07 . 2012-01-31 11:07        --------        d-----w-        c:\windows\system32\EventProviders
2012-01-11 19:27 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 19:27 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 19:27 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 19:27 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 19:27 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 19:27 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-11 19:27 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 19:27 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 11:27 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-01-31 11:27 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-01-26 23:52 . 2011-09-28 11:04        279656        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-15 06:38        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-16 11:59 . 2011-11-16 11:59        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-11-16 11:59 . 2011-11-16 11:59        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2011-11-16 11:59 . 2011-11-16 11:59        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-16 11:59 . 2011-11-16 11:59        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-16 11:59 . 2011-11-16 11:59        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2011-11-16 11:59 . 2011-11-16 11:59        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2011-11-16 11:59 . 2011-11-16 11:59        49664        ----a-w-        c:\windows\system32\imgutil.dll
2011-11-16 11:59 . 2011-11-16 11:59        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2011-11-16 11:59 . 2011-11-16 11:59        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-11-16 11:59 . 2011-11-16 11:59        367104        ----a-w-        c:\windows\SysWow64\html.iec
2011-11-16 11:59 . 2011-11-16 11:59        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2011-11-16 11:59 . 2011-11-16 11:59        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-11-16 11:59 . 2011-11-16 11:59        222208        ----a-w-        c:\windows\system32\msls31.dll
2011-11-16 11:59 . 2011-11-16 11:59        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-11-16 11:59 . 2011-11-16 11:59        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2011-11-16 11:59 . 2011-11-16 11:59        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2011-11-16 11:59 . 2011-11-16 11:59        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2011-11-16 11:59 . 2011-11-16 11:59        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2011-11-16 11:59 . 2011-11-16 11:59        12288        ----a-w-        c:\windows\system32\mshta.exe
2011-11-16 11:59 . 2011-11-16 11:59        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2011-11-16 11:59 . 2011-11-16 11:59        114176        ----a-w-        c:\windows\system32\admparse.dll
2011-11-16 11:59 . 2011-11-16 11:59        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2011-11-16 11:59 . 2011-11-16 11:59        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2011-11-16 11:59 . 2011-11-16 11:59        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-11-16 11:59 . 2011-11-16 11:59        85504        ----a-w-        c:\windows\system32\iesetup.dll
2011-11-16 11:59 . 2011-11-16 11:59        76800        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-16 11:59 . 2011-11-16 11:59        603648        ----a-w-        c:\windows\system32\vbscript.dll
2011-11-16 11:59 . 2011-11-16 11:59        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-11-16 11:59 . 2011-11-16 11:59        448512        ----a-w-        c:\windows\system32\html.iec
2011-11-16 11:59 . 2011-11-16 11:59        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-16 11:59 . 2011-11-16 11:59        165888        ----a-w-        c:\windows\system32\iexpress.exe
2011-11-16 11:59 . 2011-11-16 11:59        160256        ----a-w-        c:\windows\system32\wextract.exe
2011-11-16 11:59 . 2011-11-16 11:59        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-11-16 11:59 . 2011-11-16 11:59        111616        ----a-w-        c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 69174414
*Deregistered* - 69174414
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 10:25]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 10:25]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000Core.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 08:35]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000UA.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 08:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = <local>
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-06  10:41:52
ComboFix-quarantined-files.txt  2012-02-06 09:41
.
Vor Suchlauf: 8 Verzeichnis(se), 199.597.563.904 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 199.219.150.848 Bytes frei
.
- - End Of File - - 261C7AFC9799835725DECA25B3CA2D81

--- --- ---

WinniPu 06.02.2012 10:49

I was not asked about updates or restores...
Should I now uninstall ComboFix as described in the tutorial?

cosinus 06.02.2012 11:40

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not under any circumstances press one of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

WinniPu 06.02.2012 11:55

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 11:47:35
-----------------------------
11:47:35.146    OS Version: Windows x64 6.1.7601 Service Pack 1
11:47:35.146    Number of processors: 4 586 0x2A07
11:47:35.146    ComputerName: ****-PC  UserName: ****
11:47:35.973    Initialize success
11:47:36.098    AVAST engine defs: 12020503
11:47:49.436    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:47:49.436    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
11:47:49.483    Disk 0 MBR read successfully
11:47:49.483    Disk 0 MBR scan
11:47:49.498    Disk 0 unknown MBR code
11:47:49.514    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:47:49.529    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      235520 MB offset 206848
11:47:49.545    Disk 0 Partition - 00    0F Extended LBA            350947 MB offset 482551808
11:47:49.576    Disk 0 Partition 3 00    27 Hidden NTFS WinRE NTFS        23907 MB offset 1201291264
11:47:49.607    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      350946 MB offset 482553856
11:47:49.623    Service scanning
11:47:51.089    Modules scanning
11:47:51.089    Disk 0 trace - called modules:
11:47:51.620   
11:47:52.275    AVAST engine scan C:\Windows
11:47:55.223    AVAST engine scan C:\Windows\system32
11:50:09.399    AVAST engine scan C:\Windows\system32\drivers
11:50:19.976    AVAST engine scan C:\Users\****
11:51:32.875    AVAST engine scan C:\ProgramData
11:53:14.909    Scan finished successfully
11:54:15.623    Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
11:54:15.639    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"


