Trojaner-Board - Windows Delayed write failed | ESET-LOG

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows Delayed write failed | ESET-LOG | Malwarebytes-LOG (https://www.trojaner-board.de/111853-windows-delayed-write-failed-eset-log-malwarebytes-log.html)

Windows Delayed write failed | ESET-LOG | Malwarebytes-LOG

Hallo liebe Virenjäger,

ich habe ein Problem mit dem "Windows -Delayed Write Failed"-Fehlermeldungen. Die Symptome: Schwarzer Desktop, unzählige Fehlermeldungen, Startmenü ist leer.

Folgende Logs habe ich bereits erstellt:

Malwarebytes:

Code:

 Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org

 

Datenbank Version: v2012.03.18.03

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: ADMIN-PC [Administrator]

 

Schutz: Aktiviert

 

18.03.2012 23:52:41

mbam-log-2012-03-18 (23-52-41).txt

 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 400611

Laufzeit: 29 Minute(n), 25 Sekunde(n)

 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateiobjekte der Registrierung: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

 

(Ende)

ESET:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4a809d6ca81a5b4b8a5290b02365f31a

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-19 06:04:05

# local_time=2012-03-19 07:04:05 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 4285 83743147 0 0

# compatibility_mode=8192 67108863 100 0 3714 3714 0 0

# scanned=205449

# found=1

# cleaned=0

# scan_time=23747

${Memory}    multiple threats    00000000000000000000000000000000    I

ESETSmartInstaller@High as downloader log:

all ok

Ich hoffe, jemand kann mir helfen.

Viele Grüße

Tobias

Moin,

das Problem konnte ich leider noch nicht alleine lösen. Ich habe jetzt noch ein OLT-Log erstellt. Ich hoffe, jemand kann mir helfen:

OLT

Code:

OTL logfile created on: 20.03.2012 08:27:02 - Run 1

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,92 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,77% Memory free

15,84 Gb Paging File | 13,94 Gb Available in Paging File | 88,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59,63 Gb Total Space | 8,23 Gb Free Space | 13,81% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 828,05 Gb Free Space | 88,89% Space Free | Partition Type: NTFS

Drive E: | 1,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 111,76 Gb Total Space | 23,15 Gb Free Space | 20,72% Space Free | Partition Type: FAT32

 

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.12.09 12:40:05 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.12.09 12:39:54 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.12.09 12:39:54 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.03.30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.17 22:51:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5b253e1301f52ac71695d2aeb390ef4\IAStorUtil.ni.dll

MOD - [2012.02.17 10:10:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012.02.17 10:10:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.17 10:10:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.17 10:09:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.17 10:09:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.17 10:09:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.17 10:09:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.02.17 10:09:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2011.11.23 14:22:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll

MOD - [2011.11.07 15:21:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.16 07:25:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.12.09 12:40:05 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.09 12:39:54 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011.12.01 19:15:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.20 08:19:07 | 000,048,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mqzkqxqz.sys -- (mqzkqxqz)

DRV:64bit: - [2012.02.16 20:52:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.10.15 11:48:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)

DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.26 03:08:08 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.09.26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 14:03:25 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 02:03:16 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.03 22:39:49 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 02:03:16 | 000,000,000 | -H-D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions

[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions

[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (Evernote Web Clipper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2012.01.08 14:03:25 | 000,000,000 | -H-D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S6CDB.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE39E68-CA98-4B56-9A4F-29D18492CB03}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.05.10 23:16:15 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.20 08:24:18 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

[2012.03.19 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.03.19 00:26:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.03.19 00:17:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

[2012.03.18 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.18 23:49:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.16 07:53:57 | 000,000,000 | -H-D | C] -- C:\Users\admin\Desktop\Katis Stick

[2012.03.13 21:03:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\ALM

[2012.03.13 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared

[2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name

[2012.03.13 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012.03.13 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012.03.13 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5

[2012.03.11 18:29:10 | 000,000,000 | -H-D | C] -- C:\Users\admin\Desktop\Impfpass

[2012.03.11 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2012.03.11 17:37:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\EPSON

[2012.03.08 22:31:12 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012.03.08 17:09:28 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\GMX

[2012.03.08 17:09:27 | 000,135,168 | ---- | C] (GMX GmbH) -- C:\Windows\SysNative\UIGMXMON.DLL

[2012.03.08 17:09:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\GMX

[2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX

[2012.03.01 20:48:24 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.01 20:48:17 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

[2012.03.20 07:58:25 | 000,013,694 | ---- | M] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk

[2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy

[2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr

[2012.03.20 07:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.19 06:53:22 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.19 06:53:22 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.19 00:25:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy

[2012.03.18 23:49:39 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.18 23:12:55 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.18 23:12:55 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.18 23:12:55 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.18 23:12:55 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.18 23:12:55 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.18 23:06:24 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

[2012.03.18 23:05:54 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.15 17:22:02 | 000,584,757 | -H-- | M] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg

[2012.03.15 17:19:58 | 000,684,374 | -H-- | M] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg

[2012.03.15 16:45:43 | 005,113,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.13 22:34:51 | 000,001,256 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk

[2012.03.13 22:34:45 | 000,001,186 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk

[2012.03.13 22:34:42 | 000,001,681 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk

[2012.03.13 22:34:30 | 000,001,108 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

[2012.03.13 22:34:13 | 000,001,225 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk

[2012.03.13 22:33:59 | 000,001,109 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk

[2012.03.10 19:59:40 | 000,000,641 | -H-- | M] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk

[2012.03.10 19:56:42 | 000,000,641 | -H-- | M] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk

[2012.03.10 19:56:30 | 000,000,664 | -H-- | M] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk

[2012.03.07 16:57:21 | 000,001,005 | -H-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.20 07:58:25 | 000,013,694 | ---- | C] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk

[2012.03.19 00:17:02 | 000,000,264 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhy

[2012.03.19 00:17:02 | 000,000,176 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhyr

[2012.03.19 00:17:00 | 000,000,456 | ---- | C] () -- C:\ProgramData\WH8xvv4hj5eqhy

[2012.03.18 23:49:39 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.15 17:22:00 | 000,584,757 | -H-- | C] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg

[2012.03.15 17:19:56 | 000,684,374 | -H-- | C] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg

[2012.03.13 22:34:51 | 000,001,256 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk

[2012.03.13 22:34:45 | 000,001,186 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk

[2012.03.13 22:34:42 | 000,001,681 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk

[2012.03.13 22:34:30 | 000,001,108 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

[2012.03.13 22:34:13 | 000,001,225 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk

[2012.03.13 22:33:59 | 000,001,109 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk

[2012.03.10 19:59:40 | 000,000,641 | -H-- | C] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk

[2012.03.10 19:56:42 | 000,000,641 | -H-- | C] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk

[2012.03.10 19:56:30 | 000,000,664 | -H-- | C] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk

[2011.12.01 21:21:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.11.23 14:52:09 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.11.23 14:52:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.11.23 14:52:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.11.23 14:52:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.11.23 14:52:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.11.23 14:50:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.04.27 14:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe

 
 ========== LOP Check ==========

 

[2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo

[2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX

[2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex

[2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw

[2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client

[2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software

[2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly

[2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP

[2012.02.18 21:16:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.03.18 23:06:24 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.03.13 22:36:07 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Adobe

[2011.12.22 23:18:08 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer

[2011.12.17 17:13:49 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Avira

[2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo

[2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX

[2011.12.01 16:55:53 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Identities

[2011.12.01 17:03:09 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\InstallShield

[2011.12.01 16:56:01 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Intel Corporation

[2011.12.01 17:18:57 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Macromedia

[2012.03.18 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2010.11.21 08:00:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs

[2012.03.19 06:48:19 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Mozilla

[2011.12.01 21:34:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA

[2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex

[2012.01.24 22:25:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Skype

[2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw

[2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client

[2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software

[2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly

[2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP

[2012.01.20 11:16:19 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2012.02.15 00:03:14 | 024,246,216 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 00:03:44 | 000,174,752 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.12.01 19:19:21 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.03.13 20:47:41 | 000,010,134 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe

[2012.01.04 23:39:51 | 000,576,536 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_74f348dee3038044\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 

< End of report >

Ich werde daraus leider nicht schlau :(.

Viele Grüße

Tobias

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hallo Arne,

danke für deine Antwort. Ich habe Malwarebytes für diesen Virus erstmals benutzt. Unter Logfiles finden sich trotzdem 4 Files:

Vom 20.03.:

Code:

2012/03/20 07:57:48 +0100        ADMIN-PC        admin        IP-BLOCK        217.23.9.189 (Type: outgoing, Port: 51572, Process: wh8xvv4hj5eqhy.exe)

2012/03/20 07:57:48 +0100        ADMIN-PC        admin        IP-BLOCK        141.136.16.61 (Type: outgoing, Port: 51573, Process: wh8xvv4hj5eqhy.exe)

2012/03/20 08:25:58 +0100        ADMIN-PC        admin        MESSAGE        Stopping IP protection

2012/03/20 08:26:28 +0100        ADMIN-PC        admin        MESSAGE        IP Protection stopped

2012/03/20 08:49:44 +0100        ADMIN-PC        admin        MESSAGE        Executing scheduled update:  Daily

2012/03/20 08:49:50 +0100        ADMIN-PC        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.18.03 to version v2012.03.20.02

2012/03/20 08:49:50 +0100        ADMIN-PC        admin        MESSAGE        Starting database refresh

2012/03/20 08:49:52 +0100        ADMIN-PC        admin        MESSAGE        Database refreshed successfully

2012/03/20 20:13:49 +0100        ADMIN-PC        admin        MESSAGE        Starting protection

2012/03/20 20:13:50 +0100        ADMIN-PC        admin        MESSAGE        Protection started successfully

2012/03/20 20:13:53 +0100        ADMIN-PC        admin        MESSAGE        Starting IP protection

2012/03/20 20:13:53 +0100        ADMIN-PC        admin        MESSAGE        IP Protection started successfully

vom 19.03.:

Code:

2012/03/19 00:06:15 +0100        ADMIN-PC        admin        MESSAGE        Executing scheduled update:  Daily

2012/03/19 00:06:15 +0100        ADMIN-PC        admin        MESSAGE        Database already up-to-date

2012/03/19 00:17:08 +0100        ADMIN-PC        admin        IP-BLOCK        217.23.9.189 (Type: outgoing, Port: 49733, Process: wh8xvv4hj5eqhy.exe)

2012/03/19 00:17:08 +0100        ADMIN-PC        admin        IP-BLOCK        141.136.16.61 (Type: outgoing, Port: 49734, Process: wh8xvv4hj5eqhy.exe)

2012/03/19 16:04:42 +0100        ADMIN-PC        admin        IP-BLOCK        217.23.9.189 (Type: outgoing, Port: 50036, Process: wh8xvv4hj5eqhy.exe)

2012/03/19 16:04:42 +0100        ADMIN-PC        admin        IP-BLOCK        141.136.16.61 (Type: outgoing, Port: 50037, Process: wh8xvv4hj5eqhy.exe)

vom 18.03.:

Code:

2012/03/18 23:50:15 +0100        ADMIN-PC        admin        MESSAGE        Starting protection

2012/03/18 23:50:16 +0100        ADMIN-PC        admin        MESSAGE        Protection started successfully

2012/03/18 23:50:19 +0100        ADMIN-PC        admin        MESSAGE        Starting IP protection

2012/03/18 23:50:20 +0100        ADMIN-PC        admin        MESSAGE        IP Protection started successfully

und das eingangs gepostete LOG-File (18.03.):

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.18.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: ADMIN-PC [Administrator]
 

Schutz: Aktiviert
 

18.03.2012 23:52:41

mbam-log-2012-03-18 (23-52-41).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 400611

Laufzeit: 29 Minute(n), 25 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Viele Grüße

Tobias

Hier ein kleines Update:

Die Fehlermeldungen sind weg. Auch das Fake-Virenprogramm geht nicht mehr auf. Ich habe die ersten Symbole wieder hergestellt. Nur für das Startmenü habe ich noch nicht herausgefunden, wie das geht.

Ich habe heute nochmal einen Suchlauf mit AVIRA gestartet. Der hat bei der Suche ein Trojanisches Pferd entdeckt: FakeSysdef.442368.69. Ist das mein Virus? Oder schon wieder ein neuer Virus?

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Mittwoch, 21. März 2012  08:01
 

Es wird nach 3581057 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 x64

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : admin

Computername   : ADMIN-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00

AVSCAN.EXE     : 12.1.0.20     492496 Bytes  16.02.2012 19:52:33

AVSCAN.DLL     : 12.1.0.18      65744 Bytes  16.02.2012 19:52:32

LUKE.DLL       : 12.1.0.19      68304 Bytes  16.02.2012 19:52:35

AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  16.02.2012 19:52:36

AVREG.DLL      : 12.1.0.29     228048 Bytes  16.02.2012 19:52:36

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:18:17

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:07:21

VBASE004.VDF   : 7.11.21.239     2048 Bytes  01.02.2012 19:07:21

VBASE005.VDF   : 7.11.21.240     2048 Bytes  01.02.2012 19:07:21

VBASE006.VDF   : 7.11.21.241     2048 Bytes  01.02.2012 19:07:22

VBASE007.VDF   : 7.11.21.242     2048 Bytes  01.02.2012 19:07:22

VBASE008.VDF   : 7.11.21.243     2048 Bytes  01.02.2012 19:07:23

VBASE009.VDF   : 7.11.21.244     2048 Bytes  01.02.2012 19:07:23

VBASE010.VDF   : 7.11.21.245     2048 Bytes  01.02.2012 19:07:23

VBASE011.VDF   : 7.11.21.246     2048 Bytes  01.02.2012 19:07:23

VBASE012.VDF   : 7.11.21.247     2048 Bytes  01.02.2012 19:07:23

VBASE013.VDF   : 7.11.22.33   1486848 Bytes  03.02.2012 19:09:41

VBASE014.VDF   : 7.11.22.56    687616 Bytes  03.02.2012 19:11:58

VBASE015.VDF   : 7.11.22.92    178176 Bytes  06.02.2012 19:12:03

VBASE016.VDF   : 7.11.22.154   144896 Bytes  08.02.2012 19:03:45

VBASE017.VDF   : 7.11.22.220   183296 Bytes  13.02.2012 19:03:54

VBASE018.VDF   : 7.11.23.34    202752 Bytes  15.02.2012 19:52:20

VBASE019.VDF   : 7.11.23.98    126464 Bytes  17.02.2012 19:52:14

VBASE020.VDF   : 7.11.23.150   148480 Bytes  20.02.2012 14:47:12

VBASE021.VDF   : 7.11.23.224   172544 Bytes  23.02.2012 14:47:13

VBASE022.VDF   : 7.11.24.52    219648 Bytes  28.02.2012 16:02:07

VBASE023.VDF   : 7.11.24.152   165888 Bytes  05.03.2012 16:02:13

VBASE024.VDF   : 7.11.24.204   177664 Bytes  07.03.2012 16:02:19

VBASE025.VDF   : 7.11.25.30    245248 Bytes  12.03.2012 16:32:54

VBASE026.VDF   : 7.11.25.121   252416 Bytes  15.03.2012 17:53:49

VBASE027.VDF   : 7.11.25.177   202752 Bytes  20.03.2012 06:59:13

VBASE028.VDF   : 7.11.25.178     2048 Bytes  20.03.2012 06:59:13

VBASE029.VDF   : 7.11.25.179     2048 Bytes  20.03.2012 06:59:13

VBASE030.VDF   : 7.11.25.180     2048 Bytes  20.03.2012 06:59:13

VBASE031.VDF   : 7.11.25.194    43520 Bytes  21.03.2012 06:59:13

Engineversion  : 8.2.10.24 

AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.12.2011 11:39:53

AESCRIPT.DLL   : 8.1.4.10      455035 Bytes  15.03.2012 17:29:05

AESCN.DLL      : 8.1.8.2       131444 Bytes  31.01.2012 15:58:43

AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 11:18:23

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.5      803190 Bytes  08.03.2012 15:56:11

AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 12:35:55

AEHEUR.DLL     : 8.1.4.7      4501878 Bytes  16.03.2012 17:55:04

AEHELP.DLL     : 8.1.19.0      254327 Bytes  19.01.2012 19:01:05

AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 15:56:06

AEEXP.DLL      : 8.1.0.25       74101 Bytes  15.03.2012 17:29:05

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 17:29:01

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.1.0.17      27344 Bytes  09.12.2011 11:39:57

AVPREF.DLL     : 12.1.0.17      51920 Bytes  09.12.2011 11:39:55

AVREP.DLL      : 12.1.0.17     179408 Bytes  09.12.2011 11:39:55

AVARKT.DLL     : 12.1.0.23     209360 Bytes  16.02.2012 19:52:32

AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  09.12.2011 11:39:54

SQLITE3.DLL    : 3.7.0.0       398288 Bytes  09.12.2011 11:40:07

AVSMTP.DLL     : 12.1.0.17      62928 Bytes  09.12.2011 11:39:56

NETNT.DLL      : 12.1.0.17      17104 Bytes  09.12.2011 11:40:03

RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  09.12.2011 11:40:18

RCTEXT.DLL     : 12.1.0.16      98512 Bytes  09.12.2011 11:40:19
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: D:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, G:, Q:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert

Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,
 

Beginn des Suchlaufs: Mittwoch, 21. März 2012  08:01
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!

Masterbootsektor HD1

    [INFO]      Es wurde kein Virus gefunden!

Masterbootsektor HD2

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'G:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'Q:\'

    [INFO]      Es wurde kein Virus gefunden!

    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
 

Der Suchlauf nach versteckten Objekten wird begonnen.

c:\windows\system32\drivers\mqzkqxqz.sys

c:\windows\system32\drivers\mqzkqxqz.sys

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Events\{D5BBCFC5-166A-4F89-B13C-9888B375CFE8}

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Servers\7A9BE094-1BAC-4E71-A04C-3862821E7C67\IPAddress

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\Linkage\UpperBind

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C3C164DA-CC4C-415A-953E-F15DC80066D6}\Connection\Name

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\System\ControlSet001\services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}\DhcpInterfaceOptions

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_LOCAL_MACHINE\System\ControlSet002\services\mqzkqxqz

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Health\{0BC503B6-3DD8-4419-A71D-98CBBCC82C49}

  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '71' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '126' Modul(e) wurden durchsucht

Durchsuche Prozess 'SteamService.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'daemonu.exe' - '58' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamservice.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht

Durchsuche Prozess 'AdobeARM.exe' - '54' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorIcon.exe' - '51' Modul(e) wurden durchsucht

Durchsuche Prozess 'AAM Updates Notifier.exe' - '72' Modul(e) wurden durchsucht

Durchsuche Prozess 'steam.exe' - '132' Modul(e) wurden durchsucht

Durchsuche Prozess 'tv_w32.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'TeamViewer.exe' - '98' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'TeamViewer_Service.exe' - '97' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'SeaPort.EXE' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '1263' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\' <Windows 7>

C:\Users\admin\AppData\Local\Temp\UFISMZihQLvVwG.exe.tmp

  [FUND]      Ist das Trojanische Pferd TR/FakeSysdef.442368.69

Beginne mit der Suche in 'D:\' <Volume>

Beginne mit der Suche in 'G:\' <TREKSTOR>

Beginne mit der Suche in 'Q:\'

Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!

Systemfehler [5]: Zugriff verweigert
 

Beginne mit der Desinfektion:

C:\Users\admin\AppData\Local\Temp\UFISMZihQLvVwG.exe.tmp

  [FUND]      Ist das Trojanische Pferd TR/FakeSysdef.442368.69

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49a127e0.qua' verschoben!
 
 

Ende des Suchlaufs: Mittwoch, 21. März 2012  08:33

Benötigte Zeit: 31:12 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  34302 Verzeichnisse wurden überprüft

 953690 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 953689 Dateien ohne Befall

   7147 Archive wurden durchsucht

      0 Warnungen

      9 Hinweise

 637902 Objekte wurden beim Rootkitscan durchsucht

      8 Versteckte Objekte wurden gefunden

Hier noch der Report vom letzten mal:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Sonntag, 18. März 2012  23:00
 

Es wird nach 3567427 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 x64

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : ADMIN-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00

AVSCAN.EXE     : 12.1.0.20     492496 Bytes  16.02.2012 19:52:33

AVSCAN.DLL     : 12.1.0.18      65744 Bytes  16.02.2012 19:52:32

LUKE.DLL       : 12.1.0.19      68304 Bytes  16.02.2012 19:52:35

AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  16.02.2012 19:52:36

AVREG.DLL      : 12.1.0.29     228048 Bytes  16.02.2012 19:52:36

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:18:17

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:07:21

VBASE004.VDF   : 7.11.21.239     2048 Bytes  01.02.2012 19:07:21

VBASE005.VDF   : 7.11.21.240     2048 Bytes  01.02.2012 19:07:21

VBASE006.VDF   : 7.11.21.241     2048 Bytes  01.02.2012 19:07:22

VBASE007.VDF   : 7.11.21.242     2048 Bytes  01.02.2012 19:07:22

VBASE008.VDF   : 7.11.21.243     2048 Bytes  01.02.2012 19:07:23

VBASE009.VDF   : 7.11.21.244     2048 Bytes  01.02.2012 19:07:23

VBASE010.VDF   : 7.11.21.245     2048 Bytes  01.02.2012 19:07:23

VBASE011.VDF   : 7.11.21.246     2048 Bytes  01.02.2012 19:07:23

VBASE012.VDF   : 7.11.21.247     2048 Bytes  01.02.2012 19:07:23

VBASE013.VDF   : 7.11.22.33   1486848 Bytes  03.02.2012 19:09:41

VBASE014.VDF   : 7.11.22.56    687616 Bytes  03.02.2012 19:11:58

VBASE015.VDF   : 7.11.22.92    178176 Bytes  06.02.2012 19:12:03

VBASE016.VDF   : 7.11.22.154   144896 Bytes  08.02.2012 19:03:45

VBASE017.VDF   : 7.11.22.220   183296 Bytes  13.02.2012 19:03:54

VBASE018.VDF   : 7.11.23.34    202752 Bytes  15.02.2012 19:52:20

VBASE019.VDF   : 7.11.23.98    126464 Bytes  17.02.2012 19:52:14

VBASE020.VDF   : 7.11.23.150   148480 Bytes  20.02.2012 14:47:12

VBASE021.VDF   : 7.11.23.224   172544 Bytes  23.02.2012 14:47:13

VBASE022.VDF   : 7.11.24.52    219648 Bytes  28.02.2012 16:02:07

VBASE023.VDF   : 7.11.24.152   165888 Bytes  05.03.2012 16:02:13

VBASE024.VDF   : 7.11.24.204   177664 Bytes  07.03.2012 16:02:19

VBASE025.VDF   : 7.11.25.30    245248 Bytes  12.03.2012 16:32:54

VBASE026.VDF   : 7.11.25.121   252416 Bytes  15.03.2012 17:53:49

VBASE027.VDF   : 7.11.25.122     2048 Bytes  15.03.2012 17:53:49

VBASE028.VDF   : 7.11.25.123     2048 Bytes  15.03.2012 17:53:49

VBASE029.VDF   : 7.11.25.124     2048 Bytes  15.03.2012 17:53:49

VBASE030.VDF   : 7.11.25.125     2048 Bytes  15.03.2012 17:53:50

VBASE031.VDF   : 7.11.25.136    44032 Bytes  16.03.2012 17:53:52

Engineversion  : 8.2.10.24 

AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.12.2011 11:39:53

AESCRIPT.DLL   : 8.1.4.10      455035 Bytes  15.03.2012 17:29:05

AESCN.DLL      : 8.1.8.2       131444 Bytes  31.01.2012 15:58:43

AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 11:18:23

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.5      803190 Bytes  08.03.2012 15:56:11

AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 12:35:55

AEHEUR.DLL     : 8.1.4.7      4501878 Bytes  16.03.2012 17:55:04

AEHELP.DLL     : 8.1.19.0      254327 Bytes  19.01.2012 19:01:05

AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 15:56:06

AEEXP.DLL      : 8.1.0.25       74101 Bytes  15.03.2012 17:29:05

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 17:29:01

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.1.0.17      27344 Bytes  09.12.2011 11:39:57

AVPREF.DLL     : 12.1.0.17      51920 Bytes  09.12.2011 11:39:55

AVREP.DLL      : 12.1.0.17     179408 Bytes  09.12.2011 11:39:55

AVARKT.DLL     : 12.1.0.23     209360 Bytes  16.02.2012 19:52:32

AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  09.12.2011 11:39:54

SQLITE3.DLL    : 3.7.0.0       398288 Bytes  09.12.2011 11:40:07

AVSMTP.DLL     : 12.1.0.17      62928 Bytes  09.12.2011 11:39:56

NETNT.DLL      : 12.1.0.17      17104 Bytes  09.12.2011 11:40:03

RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  09.12.2011 11:40:18

RCTEXT.DLL     : 12.1.0.16      98512 Bytes  09.12.2011 11:40:19
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f6641bb\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,
 

Beginn des Suchlaufs: Sonntag, 18. März 2012  23:00
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IkEJJmteVRTh.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Citavi.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'swriter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AAM Updates Notifier.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'tv_w32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'steam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TeamViewer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe'

C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe

  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
 

Beginne mit der Desinfektion:

C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe

  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4940fad5.qua' verschoben!
 
 

Ende des Suchlaufs: Sonntag, 18. März 2012  23:01

Benötigte Zeit: 00:00 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

    668 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

    667 Dateien ohne Befall

      1 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise
 
 

Die Suchergebnisse werden an den Guard übermittelt.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

wird erledigt:

Code:

OTL logfile created on: 21.03.2012 15:39:08 - Run 2

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,92 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 85,39% Memory free

15,84 Gb Paging File | 13,97 Gb Available in Paging File | 88,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59,63 Gb Total Space | 7,77 Gb Free Space | 13,03% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 827,61 Gb Free Space | 88,85% Space Free | Partition Type: NTFS

Drive E: | 1,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 111,76 Gb Total Space | 23,15 Gb Free Space | 20,72% Space Free | Partition Type: FAT32

 

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\sua.exe

PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.03.30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.17 22:51:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5b253e1301f52ac71695d2aeb390ef4\IAStorUtil.ni.dll

MOD - [2012.02.17 10:10:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.17 10:10:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.17 10:09:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.17 10:09:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.17 10:09:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.17 10:09:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.02.17 10:09:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2011.11.23 14:22:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll

MOD - [2011.11.07 15:21:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.21 15:36:40 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011.12.01 19:15:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.02.16 20:52:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.10.15 11:48:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)

DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.26 03:08:08 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.09.26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\jr7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 14:03:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 08:11:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.03 22:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions

[2012.03.21 15:36:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions

[2012.03.21 15:36:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (Evernote Web Clipper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2012.03.21 15:36:51 | 000,002,112 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxpdy2mc.default\searchplugins\wot-safe-search.xml

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI

() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\jr7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S6CDB.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [FileHippo.com] D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)

O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE39E68-CA98-4B56-9A4F-29D18492CB03}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.21 09:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy

[2012.03.21 09:00:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012.03.21 09:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.03.21 09:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.03.21 08:56:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Secunia PSI

[2012.03.20 08:24:18 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

[2012.03.19 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.03.19 00:26:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.03.19 00:17:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

[2012.03.18 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.18 23:49:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.16 07:53:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Katis Stick

[2012.03.13 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012.03.13 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared

[2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name

[2012.03.13 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012.03.13 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012.03.13 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5

[2012.03.11 18:29:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Impfpass

[2012.03.11 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2012.03.11 17:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2012.03.08 22:31:12 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012.03.08 17:09:28 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\GMX

[2012.03.08 17:09:27 | 000,135,168 | ---- | C] (GMX GmbH) -- C:\Windows\SysNative\UIGMXMON.DLL

[2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX

[2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GMX

[2012.03.01 20:48:24 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.01 20:48:17 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.21 15:36:38 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

[2012.03.21 14:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.21 09:16:14 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.21 09:16:14 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.21 09:13:24 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.21 09:13:24 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.21 09:13:24 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.21 09:13:24 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.21 09:13:24 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.21 09:08:58 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.21 09:01:43 | 000,000,872 | ---- | M] () -- C:\Users\admin\Desktop\Update Checker.lnk

[2012.03.21 08:56:33 | 000,000,793 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe

[2012.03.20 07:58:25 | 000,013,694 | ---- | M] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk

[2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy

[2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr

[2012.03.19 00:25:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy

[2012.03.18 23:49:39 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.15 17:22:02 | 000,584,757 | ---- | M] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg

[2012.03.15 17:19:58 | 000,684,374 | ---- | M] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg

[2012.03.15 16:45:43 | 005,113,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.13 22:34:51 | 000,001,256 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk

[2012.03.13 22:34:45 | 000,001,186 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk

[2012.03.13 22:34:42 | 000,001,681 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk

[2012.03.13 22:34:30 | 000,001,108 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

[2012.03.13 22:34:13 | 000,001,225 | ---- | M] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk

[2012.03.13 22:33:59 | 000,001,109 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk

[2012.03.10 19:59:40 | 000,000,641 | ---- | M] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk

[2012.03.10 19:56:42 | 000,000,641 | ---- | M] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk

[2012.03.10 19:56:30 | 000,000,664 | ---- | M] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk

[2012.03.07 16:57:21 | 000,001,005 | -H-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.21 09:05:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.03.21 09:01:43 | 000,000,872 | ---- | C] () -- C:\Users\admin\Desktop\Update Checker.lnk

[2012.03.21 09:01:43 | 000,000,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk

[2012.03.21 08:56:33 | 000,000,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2012.03.21 08:56:33 | 000,000,772 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

[2012.03.21 08:11:11 | 000,000,801 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.03.20 07:58:25 | 000,013,694 | ---- | C] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk

[2012.03.19 00:17:02 | 000,000,264 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhy

[2012.03.19 00:17:02 | 000,000,176 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhyr

[2012.03.19 00:17:00 | 000,000,456 | ---- | C] () -- C:\ProgramData\WH8xvv4hj5eqhy

[2012.03.18 23:49:39 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.15 17:22:00 | 000,584,757 | ---- | C] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg

[2012.03.15 17:19:56 | 000,684,374 | ---- | C] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg

[2012.03.13 22:34:51 | 000,001,256 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk

[2012.03.13 22:34:45 | 000,001,186 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk

[2012.03.13 22:34:42 | 000,001,681 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk

[2012.03.13 22:34:30 | 000,001,108 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

[2012.03.13 22:34:13 | 000,001,225 | ---- | C] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk

[2012.03.13 22:33:59 | 000,001,109 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk

[2012.03.10 19:59:40 | 000,000,641 | ---- | C] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk

[2012.03.10 19:56:42 | 000,000,641 | ---- | C] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk

[2012.03.10 19:56:30 | 000,000,664 | ---- | C] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk

[2011.12.01 21:21:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.11.23 14:52:09 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.11.23 14:52:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.11.23 14:52:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.11.23 14:52:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.11.23 14:52:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.11.23 14:50:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.04.27 14:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe

 
 ========== LOP Check ==========

 

[2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo

[2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX

[2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex

[2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw

[2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client

[2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software

[2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly

[2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP

[2012.03.21 09:15:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\PACE Anti-Piracy

[2012.02.18 21:16:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.03.21 15:36:38 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.03.13 22:36:07 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Adobe

[2011.12.22 23:18:08 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer

[2011.12.17 17:13:49 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Avira

[2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo

[2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox

[2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla

[2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX

[2011.12.01 16:55:53 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Identities

[2011.12.01 17:03:09 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\InstallShield

[2011.12.01 16:56:01 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Intel Corporation

[2011.12.01 17:18:57 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Macromedia

[2012.03.18 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2010.11.21 08:00:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs

[2012.03.19 06:48:19 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Mozilla

[2011.12.01 21:34:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA

[2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex

[2012.03.21 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Skype

[2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw

[2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client

[2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software

[2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly

[2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP

[2012.01.20 11:16:19 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2012.02.15 00:03:14 | 024,246,216 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 00:03:44 | 000,174,752 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.12.01 19:19:21 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.03.13 20:47:41 | 000,010,134 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe

[2012.01.04 23:39:51 | 000,576,536 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_74f348dee3038044\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

[2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy

[2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr

[2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy        

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo Arne,

ich habe den Fix durchgeführt:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ not found.

HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Unable to set value : HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!

Unable to set value : HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.

File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

C:\ProgramData\~WH8xvv4hj5eqhy moved successfully.

C:\ProgramData\~WH8xvv4hj5eqhyr moved successfully.

C:\ProgramData\WH8xvv4hj5eqhy moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin

->Temp folder emptied: 357676198 bytes

->Temporary Internet Files folder emptied: 252736715 bytes

->Java cache emptied: 395929 bytes

->FireFox cache emptied: 57555533 bytes

->Flash cache emptied: 57021 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Tobias

->Temp folder emptied: 1308387 bytes

->Temporary Internet Files folder emptied: 23998755 bytes

->FireFox cache emptied: 44600524 bytes

->Flash cache emptied: 56950 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70909658 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 772,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.1 log created on 03222012_090747
 

Files\Folders moved on Reboot...

C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Ein Neustart war erforderlich.

Viele Grüße

Tobias

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hi Arne,

hier das Log-File:

Code:

20:07:55.0385 4712        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

20:07:55.0479 4712        ============================================================

20:07:55.0479 4712        Current date / time: 2012/03/22 20:07:55.0479

20:07:55.0479 4712        SystemInfo:

20:07:55.0479 4712        

20:07:55.0479 4712        OS Version: 6.1.7601 ServicePack: 1.0

20:07:55.0479 4712        Product type: Workstation

20:07:55.0479 4712        ComputerName: ADMIN-PC

20:07:55.0479 4712        UserName: admin

20:07:55.0479 4712        Windows directory: C:\Windows

20:07:55.0479 4712        System windows directory: C:\Windows

20:07:55.0479 4712        Running under WOW64

20:07:55.0479 4712        Processor architecture: Intel x64

20:07:55.0479 4712        Number of processors: 4

20:07:55.0479 4712        Page size: 0x1000

20:07:55.0479 4712        Boot type: Normal boot

20:07:55.0479 4712        ============================================================

20:07:55.0651 4712        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:07:55.0651 4712        Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:07:55.0651 4712        Drive \Device\Harddisk2\DR2 - Size: 0xEC400000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:07:55.0651 4712        Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:07:55.0651 4712        Drive \Device\Harddisk4\DR4 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:07:55.0666 4712        \Device\Harddisk0\DR0:

20:07:55.0666 4712        MBR used

20:07:55.0666 4712        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

20:07:55.0666 4712        \Device\Harddisk1\DR1:

20:07:55.0666 4712        MBR used

20:07:55.0666 4712        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x77402B0

20:07:55.0666 4712        \Device\Harddisk2\DR2:

20:07:55.0666 4712        MBR used

20:07:55.0666 4712        \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760000

20:07:55.0666 4712        \Device\Harddisk3\DR3:

20:07:55.0666 4712        MBR used

20:07:55.0666 4712        \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682

20:07:55.0666 4712        \Device\Harddisk4\DR4:

20:07:55.0666 4712        MBR used

20:07:55.0666 4712        \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782

20:07:55.0682 4712        Initialize success

20:07:55.0682 4712        ============================================================

20:08:02.0029 4364        ============================================================

20:08:02.0029 4364        Scan started

20:08:02.0029 4364        Mode: Manual; SigCheck; TDLFS; 

20:08:02.0029 4364        ============================================================

20:08:02.0138 4364        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:08:02.0169 4364        1394ohci - ok

20:08:02.0185 4364        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:08:02.0185 4364        ACPI - ok

20:08:02.0200 4364        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:08:02.0216 4364        AcpiPmi - ok

20:08:02.0216 4364        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:08:02.0231 4364        AdobeARMservice - ok

20:08:02.0231 4364        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

20:08:02.0247 4364        adp94xx - ok

20:08:02.0263 4364        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

20:08:02.0263 4364        adpahci - ok

20:08:02.0278 4364        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

20:08:02.0278 4364        adpu320 - ok

20:08:02.0294 4364        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:08:02.0325 4364        AeLookupSvc - ok

20:08:02.0341 4364        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:08:02.0356 4364        AFD - ok

20:08:02.0356 4364        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:08:02.0372 4364        agp440 - ok

20:08:02.0372 4364        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:08:02.0387 4364        ALG - ok

20:08:02.0387 4364        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:08:02.0403 4364        aliide - ok

20:08:02.0403 4364        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:08:02.0419 4364        amdide - ok

20:08:02.0419 4364        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

20:08:02.0434 4364        AmdK8 - ok

20:08:02.0434 4364        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

20:08:02.0450 4364        AmdPPM - ok

20:08:02.0450 4364        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:08:02.0450 4364        amdsata - ok

20:08:02.0465 4364        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

20:08:02.0465 4364        amdsbs - ok

20:08:02.0481 4364        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:08:02.0481 4364        amdxata - ok

20:08:02.0543 4364        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

20:08:02.0543 4364        AntiVirSchedulerService - ok

20:08:02.0559 4364        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

20:08:02.0575 4364        AntiVirService - ok

20:08:02.0575 4364        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:08:02.0637 4364        AppID - ok

20:08:02.0637 4364        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:08:02.0668 4364        AppIDSvc - ok

20:08:02.0684 4364        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:08:02.0699 4364        Appinfo - ok

20:08:02.0699 4364        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:08:02.0715 4364        Apple Mobile Device - ok

20:08:02.0715 4364        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

20:08:02.0715 4364        arc - ok

20:08:02.0731 4364        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

20:08:02.0731 4364        arcsas - ok

20:08:02.0746 4364        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:08:02.0762 4364        AsyncMac - ok

20:08:02.0777 4364        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:08:02.0777 4364        atapi - ok

20:08:02.0793 4364        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:08:02.0809 4364        AudioEndpointBuilder - ok

20:08:02.0824 4364        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:08:02.0840 4364        AudioSrv - ok

20:08:02.0855 4364        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

20:08:02.0871 4364        avgntflt - ok

20:08:02.0887 4364        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

20:08:02.0887 4364        avipbb - ok

20:08:02.0887 4364        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

20:08:02.0902 4364        avkmgr - ok

20:08:02.0902 4364        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:08:02.0918 4364        AxInstSV - ok

20:08:02.0933 4364        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

20:08:02.0933 4364        b06bdrv - ok

20:08:02.0949 4364        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:08:02.0949 4364        b57nd60a - ok

20:08:02.0965 4364        BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

20:08:02.0965 4364        BBSvc - ok

20:08:02.0980 4364        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:08:02.0980 4364        BDESVC - ok

20:08:02.0996 4364        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:08:03.0011 4364        Beep - ok

20:08:03.0027 4364        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:08:03.0043 4364        BFE - ok

20:08:03.0058 4364        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:08:03.0089 4364        BITS - ok

20:08:03.0105 4364        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

20:08:03.0105 4364        blbdrive - ok

20:08:03.0105 4364        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:08:03.0121 4364        Bonjour Service - ok

20:08:03.0121 4364        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:08:03.0136 4364        bowser - ok

20:08:03.0136 4364        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

20:08:03.0152 4364        BrFiltLo - ok

20:08:03.0152 4364        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

20:08:03.0167 4364        BrFiltUp - ok

20:08:03.0167 4364        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:08:03.0199 4364        Browser - ok

20:08:03.0199 4364        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:08:03.0214 4364        Brserid - ok

20:08:03.0230 4364        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:08:03.0230 4364        BrSerWdm - ok

20:08:03.0245 4364        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:08:03.0245 4364        BrUsbMdm - ok

20:08:03.0261 4364        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:08:03.0261 4364        BrUsbSer - ok

20:08:03.0277 4364        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

20:08:03.0277 4364        BTHMODEM - ok

20:08:03.0292 4364        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:08:03.0308 4364        bthserv - ok

20:08:03.0323 4364        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:08:03.0339 4364        cdfs - ok

20:08:03.0355 4364        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

20:08:03.0355 4364        cdrom - ok

20:08:03.0370 4364        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:08:03.0386 4364        CertPropSvc - ok

20:08:03.0386 4364        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

20:08:03.0401 4364        circlass - ok

20:08:03.0401 4364        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:08:03.0417 4364        CLFS - ok

20:08:03.0417 4364        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:08:03.0433 4364        clr_optimization_v2.0.50727_32 - ok

20:08:03.0433 4364        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:08:03.0433 4364        clr_optimization_v2.0.50727_64 - ok

20:08:03.0448 4364        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:08:03.0448 4364        clr_optimization_v4.0.30319_32 - ok

20:08:03.0464 4364        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:08:03.0464 4364        clr_optimization_v4.0.30319_64 - ok

20:08:03.0479 4364        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

20:08:03.0479 4364        CmBatt - ok

20:08:03.0479 4364        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:08:03.0495 4364        cmdide - ok

20:08:03.0495 4364        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:08:03.0511 4364        CNG - ok

20:08:03.0526 4364        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

20:08:03.0526 4364        Compbatt - ok

20:08:03.0542 4364        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:08:03.0542 4364        CompositeBus - ok

20:08:03.0542 4364        COMSysApp - ok

20:08:03.0557 4364        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

20:08:03.0557 4364        crcdisk - ok

20:08:03.0573 4364        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:08:03.0589 4364        CryptSvc - ok

20:08:03.0604 4364        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

20:08:03.0620 4364        cvhsvc - ok

20:08:03.0620 4364        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:08:03.0651 4364        DcomLaunch - ok

20:08:03.0651 4364        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:08:03.0682 4364        defragsvc - ok

20:08:03.0682 4364        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:08:03.0713 4364        DfsC - ok

20:08:03.0713 4364        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:08:03.0745 4364        Dhcp - ok

20:08:03.0745 4364        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:08:03.0776 4364        discache - ok

20:08:03.0776 4364        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

20:08:03.0791 4364        Disk - ok

20:08:03.0791 4364        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:08:03.0807 4364        Dnscache - ok

20:08:03.0807 4364        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:08:03.0838 4364        dot3svc - ok

20:08:03.0838 4364        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:08:03.0854 4364        DPS - ok

20:08:03.0869 4364        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:08:03.0869 4364        drmkaud - ok

20:08:03.0885 4364        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:08:03.0901 4364        DXGKrnl - ok

20:08:03.0916 4364        E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys

20:08:03.0916 4364        E1G60 - ok

20:08:03.0932 4364        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:08:03.0947 4364        EapHost - ok

20:08:03.0979 4364        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

20:08:04.0010 4364        ebdrv - ok

20:08:04.0025 4364        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:08:04.0025 4364        EFS - ok

20:08:04.0041 4364        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:08:04.0057 4364        ehRecvr - ok

20:08:04.0057 4364        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:08:04.0072 4364        ehSched - ok

20:08:04.0072 4364        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

20:08:04.0088 4364        elxstor - ok

20:08:04.0103 4364        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:08:04.0103 4364        ErrDev - ok

20:08:04.0119 4364        EtronHub3       (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\System32\Drivers\EtronHub3.sys

20:08:04.0119 4364        EtronHub3 - ok

20:08:04.0119 4364        EtronXHCI       (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\System32\Drivers\EtronXHCI.sys

20:08:04.0135 4364        EtronXHCI - ok

20:08:04.0135 4364        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:08:04.0181 4364        EventSystem - ok

20:08:04.0181 4364        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:08:04.0213 4364        exfat - ok

20:08:04.0213 4364        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:08:04.0244 4364        fastfat - ok

20:08:04.0244 4364        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:08:04.0259 4364        Fax - ok

20:08:04.0275 4364        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

20:08:04.0275 4364        fdc - ok

20:08:04.0291 4364        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:08:04.0306 4364        fdPHost - ok

20:08:04.0306 4364        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:08:04.0337 4364        FDResPub - ok

20:08:04.0337 4364        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:08:04.0353 4364        FileInfo - ok

20:08:04.0353 4364        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:08:04.0369 4364        Filetrace - ok

20:08:04.0384 4364        FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:08:04.0400 4364        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:08:04.0400 4364        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:08:04.0400 4364        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

20:08:04.0415 4364        flpydisk - ok

20:08:04.0415 4364        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:08:04.0431 4364        FltMgr - ok

20:08:04.0447 4364        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:08:04.0462 4364        FontCache - ok

20:08:04.0462 4364        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:08:04.0462 4364        FontCache3.0.0.0 - ok

20:08:04.0478 4364        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:08:04.0478 4364        FsDepends - ok

20:08:04.0493 4364        fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

20:08:04.0493 4364        fssfltr - ok

20:08:04.0509 4364        fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

20:08:04.0525 4364        fsssvc - ok

20:08:04.0540 4364        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:08:04.0540 4364        Fs_Rec - ok

20:08:04.0556 4364        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:08:04.0556 4364        fvevol - ok

20:08:04.0571 4364        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

20:08:04.0571 4364        gagp30kx - ok

20:08:04.0571 4364        gdrv - ok

20:08:04.0587 4364        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:08:04.0587 4364        GEARAspiWDM - ok

20:08:04.0603 4364        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:08:04.0634 4364        gpsvc - ok

20:08:04.0634 4364        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:08:04.0649 4364        hcw85cir - ok

20:08:04.0649 4364        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:08:04.0665 4364        HdAudAddService - ok

20:08:04.0681 4364        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:08:04.0681 4364        HDAudBus - ok

20:08:04.0696 4364        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

20:08:04.0696 4364        HidBatt - ok

20:08:04.0712 4364        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

20:08:04.0712 4364        HidBth - ok

20:08:04.0727 4364        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

20:08:04.0727 4364        HidIr - ok

20:08:04.0743 4364        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:08:04.0759 4364        hidserv - ok

20:08:04.0759 4364        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:08:04.0774 4364        HidUsb - ok

20:08:04.0774 4364        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:08:04.0805 4364        hkmsvc - ok

20:08:04.0805 4364        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:08:04.0821 4364        HomeGroupListener - ok

20:08:04.0821 4364        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:08:04.0837 4364        HomeGroupProvider - ok

20:08:04.0837 4364        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:08:04.0852 4364        HpSAMD - ok

20:08:04.0868 4364        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:08:04.0883 4364        HTTP - ok

20:08:04.0899 4364        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:08:04.0899 4364        hwpolicy - ok

20:08:04.0915 4364        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:08:04.0915 4364        i8042prt - ok

20:08:04.0930 4364        iaStor          (8180a2392e732e8871589b54fab6991f) C:\Windows\system32\drivers\iaStor.sys

20:08:04.0930 4364        iaStor - ok

20:08:04.0946 4364        IAStorDataMgrSvc (17125b7d2f56b4b35441561c780c2ccb) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

20:08:04.0946 4364        IAStorDataMgrSvc - ok

20:08:04.0946 4364        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:08:04.0961 4364        iaStorV - ok

20:08:04.0977 4364        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:08:04.0993 4364        idsvc - ok

20:08:05.0071 4364        igfx            (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:08:05.0180 4364        igfx - ok

20:08:05.0195 4364        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

20:08:05.0195 4364        iirsp - ok

20:08:05.0211 4364        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:08:05.0242 4364        IKEEXT - ok

20:08:05.0258 4364        IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys

20:08:05.0289 4364        IntcAzAudAddService - ok

20:08:05.0305 4364        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

20:08:05.0320 4364        IntcDAud - ok

20:08:05.0320 4364        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:08:05.0320 4364        intelide - ok

20:08:05.0336 4364        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

20:08:05.0336 4364        intelppm - ok

20:08:05.0351 4364        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:08:05.0367 4364        IPBusEnum - ok

20:08:05.0383 4364        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:08:05.0398 4364        IpFilterDriver - ok

20:08:05.0414 4364        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:08:05.0429 4364        iphlpsvc - ok

20:08:05.0445 4364        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:08:05.0445 4364        IPMIDRV - ok

20:08:05.0461 4364        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:08:05.0476 4364        IPNAT - ok

20:08:05.0492 4364        iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

20:08:05.0507 4364        iPod Service - ok

20:08:05.0507 4364        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:08:05.0523 4364        IRENUM - ok

20:08:05.0523 4364        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:08:05.0539 4364        isapnp - ok

20:08:05.0539 4364        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:08:05.0554 4364        iScsiPrt - ok

20:08:05.0554 4364        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:08:05.0554 4364        kbdclass - ok

20:08:05.0570 4364        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:08:05.0570 4364        kbdhid - ok

20:08:05.0585 4364        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:05.0585 4364        KeyIso - ok

20:08:05.0601 4364        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:08:05.0601 4364        KSecDD - ok

20:08:05.0601 4364        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:08:05.0617 4364        KSecPkg - ok

20:08:05.0617 4364        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:08:05.0648 4364        ksthunk - ok

20:08:05.0648 4364        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:08:05.0679 4364        KtmRm - ok

20:08:05.0679 4364        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:08:05.0710 4364        LanmanServer - ok

20:08:05.0710 4364        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:08:05.0741 4364        LanmanWorkstation - ok

20:08:05.0741 4364        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:08:05.0773 4364        lltdio - ok

20:08:05.0773 4364        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:08:05.0804 4364        lltdsvc - ok

20:08:05.0804 4364        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:08:05.0819 4364        lmhosts - ok

20:08:05.0835 4364        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

20:08:05.0835 4364        LSI_FC - ok

20:08:05.0851 4364        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

20:08:05.0851 4364        LSI_SAS - ok

20:08:05.0866 4364        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

20:08:05.0866 4364        LSI_SAS2 - ok

20:08:05.0882 4364        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

20:08:05.0882 4364        LSI_SCSI - ok

20:08:05.0897 4364        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:08:05.0913 4364        luafv - ok

20:08:05.0929 4364        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

20:08:05.0929 4364        MBAMProtector - ok

20:08:05.0991 4364        MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:08:06.0007 4364        MBAMService - ok

20:08:06.0007 4364        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

20:08:06.0022 4364        McComponentHostService - ok

20:08:06.0022 4364        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:08:06.0038 4364        Mcx2Svc - ok

20:08:06.0053 4364        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

20:08:06.0053 4364        megasas - ok

20:08:06.0069 4364        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

20:08:06.0069 4364        MegaSR - ok

20:08:06.0085 4364        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

20:08:06.0085 4364        MEIx64 - ok

20:08:06.0085 4364        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:08:06.0116 4364        MMCSS - ok

20:08:06.0116 4364        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:08:06.0147 4364        Modem - ok

20:08:06.0147 4364        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:08:06.0163 4364        monitor - ok

20:08:06.0163 4364        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:08:06.0178 4364        mouclass - ok

20:08:06.0178 4364        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:08:06.0178 4364        mouhid - ok

20:08:06.0194 4364        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:08:06.0194 4364        mountmgr - ok

20:08:06.0209 4364        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:08:06.0209 4364        mpio - ok

20:08:06.0225 4364        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:08:06.0241 4364        mpsdrv - ok

20:08:06.0256 4364        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:08:06.0287 4364        MpsSvc - ok

20:08:06.0287 4364        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:08:06.0303 4364        MRxDAV - ok

20:08:06.0319 4364        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:08:06.0319 4364        mrxsmb - ok

20:08:06.0334 4364        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:08:06.0334 4364        mrxsmb10 - ok

20:08:06.0350 4364        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:08:06.0350 4364        mrxsmb20 - ok

20:08:06.0365 4364        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:08:06.0365 4364        msahci - ok

20:08:06.0381 4364        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:08:06.0381 4364        msdsm - ok

20:08:06.0381 4364        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:08:06.0397 4364        MSDTC - ok

20:08:06.0412 4364        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:08:06.0428 4364        Msfs - ok

20:08:06.0428 4364        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:08:06.0459 4364        mshidkmdf - ok

20:08:06.0459 4364        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:08:06.0459 4364        msisadrv - ok

20:08:06.0475 4364        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:08:06.0490 4364        MSiSCSI - ok

20:08:06.0506 4364        msiserver - ok

20:08:06.0506 4364        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:08:06.0537 4364        MSKSSRV - ok

20:08:06.0537 4364        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:08:06.0553 4364        MSPCLOCK - ok

20:08:06.0568 4364        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:08:06.0584 4364        MSPQM - ok

20:08:06.0599 4364        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:08:06.0615 4364        MsRPC - ok

20:08:06.0615 4364        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:08:06.0615 4364        mssmbios - ok

20:08:06.0631 4364        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:08:06.0646 4364        MSTEE - ok

20:08:06.0662 4364        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

20:08:06.0662 4364        MTConfig - ok

20:08:06.0662 4364        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:08:06.0677 4364        Mup - ok

20:08:06.0677 4364        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:08:06.0709 4364        napagent - ok

20:08:06.0724 4364        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:08:06.0724 4364        NativeWifiP - ok

20:08:06.0740 4364        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:08:06.0755 4364        NDIS - ok

20:08:06.0771 4364        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:08:06.0787 4364        NdisCap - ok

20:08:06.0802 4364        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:08:06.0818 4364        NdisTapi - ok

20:08:06.0818 4364        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:08:06.0849 4364        Ndisuio - ok

20:08:06.0849 4364        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:08:06.0880 4364        NdisWan - ok

20:08:06.0880 4364        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:08:06.0896 4364        NDProxy - ok

20:08:06.0911 4364        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:08:06.0927 4364        NetBIOS - ok

20:08:06.0943 4364        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:08:06.0958 4364        NetBT - ok

20:08:06.0974 4364        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:06.0974 4364        Netlogon - ok

20:08:06.0989 4364        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:08:07.0005 4364        Netman - ok

20:08:07.0021 4364        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:08:07.0036 4364        netprofm - ok

20:08:07.0052 4364        netr28ux        (01a8a17c17e548db1b6c2e597c0c66e6) C:\Windows\system32\DRIVERS\netr28ux.sys

20:08:07.0067 4364        netr28ux - ok

20:08:07.0083 4364        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:08:07.0083 4364        NetTcpPortSharing - ok

20:08:07.0083 4364        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

20:08:07.0099 4364        nfrd960 - ok

20:08:07.0099 4364        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:08:07.0130 4364        NlaSvc - ok

20:08:07.0130 4364        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:08:07.0161 4364        Npfs - ok

20:08:07.0161 4364        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:08:07.0177 4364        nsi - ok

20:08:07.0192 4364        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:08:07.0208 4364        nsiproxy - ok

20:08:07.0239 4364        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:08:07.0255 4364        Ntfs - ok

20:08:07.0270 4364        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:08:07.0286 4364        Null - ok

20:08:07.0301 4364        NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

20:08:07.0301 4364        NVHDA - ok

20:08:07.0379 4364        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:08:07.0504 4364        nvlddmkm - ok

20:08:07.0520 4364        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:08:07.0520 4364        nvraid - ok

20:08:07.0520 4364        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:08:07.0535 4364        nvstor - ok

20:08:07.0551 4364        NvStUSB         (4dc87cda61d7b185e79618581f46b85a) C:\Windows\system32\drivers\nvstusb.sys

20:08:07.0551 4364        NvStUSB - ok

20:08:07.0567 4364        nvsvc           (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

20:08:07.0598 4364        nvsvc - ok

20:08:07.0613 4364        nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

20:08:07.0645 4364        nvUpdatusService - ok

20:08:07.0645 4364        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:08:07.0660 4364        nv_agp - ok

20:08:07.0660 4364        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:08:07.0676 4364        ohci1394 - ok

20:08:07.0676 4364        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:08:07.0691 4364        ose - ok

20:08:07.0723 4364        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:08:07.0801 4364        osppsvc - ok

20:08:07.0801 4364        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:08:07.0816 4364        p2pimsvc - ok

20:08:07.0816 4364        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:08:07.0832 4364        p2psvc - ok

20:08:07.0847 4364        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

20:08:07.0847 4364        Parport - ok

20:08:07.0863 4364        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:08:07.0863 4364        partmgr - ok

20:08:07.0879 4364        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:08:07.0879 4364        PcaSvc - ok

20:08:07.0894 4364        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:08:07.0894 4364        pci - ok

20:08:07.0910 4364        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:08:07.0910 4364        pciide - ok

20:08:07.0925 4364        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

20:08:07.0925 4364        pcmcia - ok

20:08:07.0941 4364        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:08:07.0941 4364        pcw - ok

20:08:07.0957 4364        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:08:07.0972 4364        PEAUTH - ok

20:08:07.0988 4364        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:08:07.0988 4364        PerfHost - ok

20:08:08.0019 4364        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:08:08.0050 4364        pla - ok

20:08:08.0050 4364        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:08:08.0066 4364        PlugPlay - ok

20:08:08.0066 4364        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:08:08.0081 4364        PNRPAutoReg - ok

20:08:08.0081 4364        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:08:08.0097 4364        PNRPsvc - ok

20:08:08.0113 4364        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:08:08.0128 4364        PolicyAgent - ok

20:08:08.0144 4364        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:08:08.0159 4364        Power - ok

20:08:08.0175 4364        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:08:08.0191 4364        PptpMiniport - ok

20:08:08.0206 4364        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

20:08:08.0206 4364        Processor - ok

20:08:08.0222 4364        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:08:08.0237 4364        ProfSvc - ok

20:08:08.0237 4364        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:08.0253 4364        ProtectedStorage - ok

20:08:08.0253 4364        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:08:08.0284 4364        Psched - ok

20:08:08.0284 4364        PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

20:08:08.0300 4364        PSI - ok

20:08:08.0300 4364        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:08:08.0300 4364        PxHlpa64 - ok

20:08:08.0315 4364        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

20:08:08.0347 4364        ql2300 - ok

20:08:08.0347 4364        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

20:08:08.0362 4364        ql40xx - ok

20:08:08.0362 4364        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:08:08.0378 4364        QWAVE - ok

20:08:08.0393 4364        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:08:08.0393 4364        QWAVEdrv - ok

20:08:08.0409 4364        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:08:08.0425 4364        RasAcd - ok

20:08:08.0440 4364        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:08:08.0456 4364        RasAgileVpn - ok

20:08:08.0456 4364        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:08:08.0487 4364        RasAuto - ok

20:08:08.0487 4364        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:08:08.0518 4364        Rasl2tp - ok

20:08:08.0518 4364        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:08:08.0549 4364        RasMan - ok

20:08:08.0549 4364        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:08:08.0581 4364        RasPppoe - ok

20:08:08.0581 4364        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:08:08.0612 4364        RasSstp - ok

20:08:08.0612 4364        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:08:08.0643 4364        rdbss - ok

20:08:08.0643 4364        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

20:08:08.0659 4364        rdpbus - ok

20:08:08.0659 4364        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:08:08.0690 4364        RDPCDD - ok

20:08:08.0690 4364        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:08:08.0705 4364        RDPENCDD - ok

20:08:08.0721 4364        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:08:08.0737 4364        RDPREFMP - ok

20:08:08.0752 4364        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:08:08.0752 4364        RDPWD - ok

20:08:08.0768 4364        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:08:08.0783 4364        rdyboost - ok

20:08:08.0783 4364        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:08:08.0799 4364        RemoteAccess - ok

20:08:08.0815 4364        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:08:08.0830 4364        RemoteRegistry - ok

20:08:08.0846 4364        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:08:08.0861 4364        RpcEptMapper - ok

20:08:08.0877 4364        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:08:08.0877 4364        RpcLocator - ok

20:08:08.0893 4364        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:08:08.0908 4364        RpcSs - ok

20:08:08.0924 4364        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:08:08.0939 4364        rspndr - ok

20:08:08.0955 4364        RTL8167         (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:08:08.0955 4364        RTL8167 - ok

20:08:08.0971 4364        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:08.0971 4364        SamSs - ok

20:08:08.0986 4364        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:08:08.0986 4364        sbp2port - ok

20:08:09.0002 4364        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:08:09.0017 4364        SCardSvr - ok

20:08:09.0033 4364        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:08:09.0049 4364        scfilter - ok

20:08:09.0064 4364        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:08:09.0095 4364        Schedule - ok

20:08:09.0095 4364        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:08:09.0111 4364        SCPolicySvc - ok

20:08:09.0127 4364        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:08:09.0142 4364        SDRSVC - ok

20:08:09.0142 4364        SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

20:08:09.0142 4364        SeaPort - ok

20:08:09.0158 4364        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:08:09.0173 4364        secdrv - ok

20:08:09.0173 4364        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:08:09.0205 4364        seclogon - ok

20:08:09.0236 4364        Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) D:\Program Files (x86)\Secunia\PSI\PSIA.exe

20:08:09.0236 4364        Secunia PSI Agent - ok

20:08:09.0267 4364        Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) D:\Program Files (x86)\Secunia\PSI\sua.exe

20:08:09.0283 4364        Secunia Update Agent - ok

20:08:09.0283 4364        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:08:09.0298 4364        SENS - ok

20:08:09.0314 4364        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:08:09.0314 4364        SensrSvc - ok

20:08:09.0329 4364        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

20:08:09.0329 4364        Serenum - ok

20:08:09.0345 4364        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

20:08:09.0345 4364        Serial - ok

20:08:09.0361 4364        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

20:08:09.0361 4364        sermouse - ok

20:08:09.0376 4364        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:08:09.0392 4364        SessionEnv - ok

20:08:09.0407 4364        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:08:09.0407 4364        sffdisk - ok

20:08:09.0423 4364        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:08:09.0423 4364        sffp_mmc - ok

20:08:09.0439 4364        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:08:09.0439 4364        sffp_sd - ok

20:08:09.0454 4364        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

20:08:09.0454 4364        sfloppy - ok

20:08:09.0470 4364        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

20:08:09.0485 4364        Sftfs - ok

20:08:09.0485 4364        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:08:09.0501 4364        sftlist - ok

20:08:09.0501 4364        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

20:08:09.0517 4364        Sftplay - ok

20:08:09.0517 4364        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

20:08:09.0517 4364        Sftredir - ok

20:08:09.0532 4364        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

20:08:09.0532 4364        Sftvol - ok

20:08:09.0532 4364        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:08:09.0548 4364        sftvsa - ok

20:08:09.0548 4364        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:08:09.0579 4364        SharedAccess - ok

20:08:09.0595 4364        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:08:09.0610 4364        ShellHWDetection - ok

20:08:09.0610 4364        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

20:08:09.0626 4364        SiSRaid2 - ok

20:08:09.0626 4364        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

20:08:09.0641 4364        SiSRaid4 - ok

20:08:09.0641 4364        SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

20:08:09.0641 4364        SkypeUpdate - ok

20:08:09.0657 4364        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:08:09.0673 4364        Smb - ok

20:08:09.0688 4364        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:08:09.0688 4364        SNMPTRAP - ok

20:08:09.0704 4364        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:08:09.0704 4364        spldr - ok

20:08:09.0719 4364        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:08:09.0735 4364        Spooler - ok

20:08:09.0766 4364        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:08:09.0813 4364        sppsvc - ok

20:08:09.0829 4364        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:08:09.0844 4364        sppuinotify - ok

20:08:09.0860 4364        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:08:09.0860 4364        srv - ok

20:08:09.0875 4364        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:08:09.0891 4364        srv2 - ok

20:08:09.0891 4364        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:08:09.0907 4364        srvnet - ok

20:08:09.0907 4364        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:08:09.0938 4364        SSDPSRV - ok

20:08:09.0938 4364        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:08:09.0953 4364        SstpSvc - ok

20:08:09.0969 4364        Steam Client Service - ok

20:08:09.0969 4364        Stereo Service  (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

20:08:09.0969 4364        Stereo Service - ok

20:08:09.0985 4364        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

20:08:09.0985 4364        stexstor - ok

20:08:10.0000 4364        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:08:10.0016 4364        stisvc - ok

20:08:10.0016 4364        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:08:10.0031 4364        swenum - ok

20:08:10.0031 4364        SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

20:08:10.0047 4364        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

20:08:10.0047 4364        SwitchBoard - detected UnsignedFile.Multi.Generic (1)

20:08:10.0047 4364        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:08:10.0078 4364        swprv - ok

20:08:10.0094 4364        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:08:10.0125 4364        SysMain - ok

20:08:10.0125 4364        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:08:10.0141 4364        TabletInputService - ok

20:08:10.0156 4364        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:08:10.0187 4364        TapiSrv - ok

20:08:10.0187 4364        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:08:10.0203 4364        TBS - ok

20:08:10.0234 4364        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:08:10.0265 4364        Tcpip - ok

20:08:10.0281 4364        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:08:10.0297 4364        TCPIP6 - ok

20:08:10.0312 4364        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:08:10.0328 4364        tcpipreg - ok

20:08:10.0328 4364        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:08:10.0343 4364        TDPIPE - ok

20:08:10.0343 4364        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:08:10.0359 4364        TDTCP - ok

20:08:10.0359 4364        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:08:10.0390 4364        tdx - ok

20:08:10.0406 4364        TeamViewer7     (641500967e5e87cf026df0193ab84ea7) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

20:08:10.0437 4364        TeamViewer7 - ok

20:08:10.0453 4364        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:08:10.0453 4364        TermDD - ok

20:08:10.0468 4364        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:08:10.0484 4364        TermService - ok

20:08:10.0499 4364        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:08:10.0499 4364        Themes - ok

20:08:10.0515 4364        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:08:10.0531 4364        THREADORDER - ok

20:08:10.0546 4364        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:08:10.0562 4364        TrkWks - ok

20:08:10.0562 4364        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:08:10.0593 4364        TrustedInstaller - ok

20:08:10.0593 4364        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:08:10.0609 4364        tssecsrv - ok

20:08:10.0624 4364        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:08:10.0624 4364        TsUsbFlt - ok

20:08:10.0640 4364        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

20:08:10.0640 4364        TsUsbGD - ok

20:08:10.0655 4364        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:08:10.0671 4364        tunnel - ok

20:08:10.0687 4364        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

20:08:10.0687 4364        uagp35 - ok

20:08:10.0702 4364        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:08:10.0718 4364        udfs - ok

20:08:10.0733 4364        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:08:10.0733 4364        UI0Detect - ok

20:08:10.0749 4364        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:08:10.0749 4364        uliagpkx - ok

20:08:10.0749 4364        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:08:10.0765 4364        umbus - ok

20:08:10.0765 4364        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

20:08:10.0780 4364        UmPass - ok

20:08:10.0780 4364        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:08:10.0811 4364        upnphost - ok

20:08:10.0811 4364        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:08:10.0827 4364        usbccgp - ok

20:08:10.0827 4364        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:08:10.0843 4364        usbcir - ok

20:08:10.0843 4364        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:08:10.0858 4364        usbehci - ok

20:08:10.0858 4364        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys

20:08:10.0874 4364        usbhub - ok

20:08:10.0889 4364        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:08:10.0889 4364        usbohci - ok

20:08:10.0889 4364        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:08:10.0905 4364        usbprint - ok

20:08:10.0905 4364        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:08:10.0921 4364        usbscan - ok

20:08:10.0936 4364        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:08:10.0936 4364        USBSTOR - ok

20:08:10.0936 4364        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:08:10.0952 4364        usbuhci - ok

20:08:10.0952 4364        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:08:10.0983 4364        UxSms - ok

20:08:10.0983 4364        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:10.0983 4364        VaultSvc - ok

20:08:10.0999 4364        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:08:10.0999 4364        vdrvroot - ok

20:08:11.0014 4364        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:08:11.0045 4364        vds - ok

20:08:11.0045 4364        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:08:11.0061 4364        vga - ok

20:08:11.0061 4364        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:08:11.0077 4364        VgaSave - ok

20:08:11.0092 4364        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:08:11.0092 4364        vhdmp - ok

20:08:11.0108 4364        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:08:11.0108 4364        viaide - ok

20:08:11.0123 4364        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:08:11.0123 4364        volmgr - ok

20:08:11.0139 4364        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:08:11.0139 4364        volmgrx - ok

20:08:11.0155 4364        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:08:11.0155 4364        volsnap - ok

20:08:11.0170 4364        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

20:08:11.0170 4364        vsmraid - ok

20:08:11.0186 4364        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:08:11.0233 4364        VSS - ok

20:08:11.0233 4364        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:08:11.0248 4364        vwifibus - ok

20:08:11.0248 4364        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:08:11.0279 4364        W32Time - ok

20:08:11.0279 4364        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

20:08:11.0295 4364        WacomPen - ok

20:08:11.0295 4364        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:08:11.0326 4364        WANARP - ok

20:08:11.0326 4364        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:08:11.0342 4364        Wanarpv6 - ok

20:08:11.0357 4364        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:08:11.0373 4364        wbengine - ok

20:08:11.0389 4364        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:08:11.0404 4364        WbioSrvc - ok

20:08:11.0404 4364        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:08:11.0420 4364        wcncsvc - ok

20:08:11.0435 4364        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:08:11.0435 4364        WcsPlugInService - ok

20:08:11.0435 4364        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

20:08:11.0451 4364        Wd - ok

20:08:11.0467 4364        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:08:11.0467 4364        Wdf01000 - ok

20:08:11.0482 4364        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:08:11.0498 4364        WdiServiceHost - ok

20:08:11.0498 4364        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:08:11.0513 4364        WdiSystemHost - ok

20:08:11.0529 4364        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:08:11.0529 4364        WebClient - ok

20:08:11.0545 4364        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:08:11.0560 4364        Wecsvc - ok

20:08:11.0576 4364        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:08:11.0591 4364        wercplsupport - ok

20:08:11.0607 4364        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:08:11.0623 4364        WerSvc - ok

20:08:11.0638 4364        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:08:11.0654 4364        WfpLwf - ok

20:08:11.0654 4364        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:08:11.0669 4364        WIMMount - ok

20:08:11.0669 4364        WinDefend - ok

20:08:11.0669 4364        WinHttpAutoProxySvc - ok

20:08:11.0685 4364        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:08:11.0701 4364        Winmgmt - ok

20:08:11.0716 4364        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:08:11.0763 4364        WinRM - ok

20:08:11.0763 4364        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:08:11.0779 4364        WinUsb - ok

20:08:11.0794 4364        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:08:11.0810 4364        Wlansvc - ok

20:08:11.0810 4364        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:08:11.0810 4364        wlcrasvc - ok

20:08:11.0841 4364        wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:08:11.0872 4364        wlidsvc - ok

20:08:11.0872 4364        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:08:11.0872 4364        WmiAcpi - ok

20:08:11.0888 4364        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:08:11.0903 4364        wmiApSrv - ok

20:08:11.0903 4364        WMPNetworkSvc - ok

20:08:11.0903 4364        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:08:11.0919 4364        WPCSvc - ok

20:08:11.0919 4364        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:08:11.0935 4364        WPDBusEnum - ok

20:08:11.0935 4364        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:08:11.0950 4364        ws2ifsl - ok

20:08:11.0966 4364        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:08:11.0981 4364        wscsvc - ok

20:08:11.0981 4364        WSearch - ok

20:08:11.0997 4364        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:08:12.0044 4364        wuauserv - ok

20:08:12.0059 4364        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:08:12.0075 4364        WudfPf - ok

20:08:12.0091 4364        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:08:12.0106 4364        WUDFRd - ok

20:08:12.0106 4364        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:08:12.0137 4364        wudfsvc - ok

20:08:12.0137 4364        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:08:12.0153 4364        WwanSvc - ok

20:08:12.0169 4364        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:08:12.0231 4364        \Device\Harddisk0\DR0 - ok

20:08:12.0231 4364        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

20:08:12.0247 4364        \Device\Harddisk1\DR1 - ok

20:08:12.0262 4364        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

20:08:12.0403 4364        \Device\Harddisk2\DR2 - ok

20:08:12.0761 4364        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3

20:08:12.0886 4364        \Device\Harddisk3\DR3 - ok

20:08:13.0229 4364        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4

20:08:13.0354 4364        \Device\Harddisk4\DR4 - ok

20:08:13.0385 4364        Boot (0x1200)   (1fa00531efb1c73b1ca7796f567eccca) \Device\Harddisk0\DR0\Partition0

20:08:13.0385 4364        \Device\Harddisk0\DR0\Partition0 - ok

20:08:13.0385 4364        Boot (0x1200)   (b44a4b1dfb9d5bf0d903602cb78c02c7) \Device\Harddisk1\DR1\Partition0

20:08:13.0385 4364        \Device\Harddisk1\DR1\Partition0 - ok

20:08:13.0385 4364        Boot (0x1200)   (27c66fce0ac61f8dcdb1680c2a7f5b46) \Device\Harddisk2\DR2\Partition0

20:08:13.0401 4364        \Device\Harddisk2\DR2\Partition0 - ok

20:08:13.0401 4364        Boot (0x1200)   (1360c5e4e238af13f7adc068cc0a6afe) \Device\Harddisk3\DR3\Partition0

20:08:13.0401 4364        \Device\Harddisk3\DR3\Partition0 - ok

20:08:13.0401 4364        Boot (0x1200)   (b8bc9b0d8a707a9d85028c63e63f3021) \Device\Harddisk4\DR4\Partition0

20:08:13.0401 4364        \Device\Harddisk4\DR4\Partition0 - ok

20:08:13.0401 4364        ============================================================

20:08:13.0401 4364        Scan finished

20:08:13.0401 4364        ============================================================

20:08:13.0401 0764        Detected object count: 2

20:08:13.0401 0764        Actual detected object count: 2

20:10:51.0632 0764        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:51.0632 0764        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:10:51.0632 0764        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:51.0632 0764        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Arne,

ich habe jetzt den ComboFix-Log:

Code:

ComboFix 12-03-22.01 - admin 25.03.2012  18:48:01.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8109.6394 [GMT 2:00]

ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk

F:\Autorun.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-25 bis 2012-03-25  ))))))))))))))))))))))))))))))

.

.

2012-03-23 07:01 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C56A2759-055F-4D04-BD0B-5F66194AF0ED}\mpengine.dll

2012-03-22 08:14 . 2012-03-22 08:14        --------        d-----w-        c:\program files\Java

2012-03-22 08:07 . 2012-03-22 08:07        --------        d-----w-        C:\_OTL

2012-03-21 21:11 . 2012-03-21 21:11        --------        d-----w-        c:\users\admin\Tracing

2012-03-21 21:11 . 2012-03-21 21:11        --------        d-----w-        c:\windows\en

2012-03-21 21:08 . 2012-03-21 21:08        --------        d-----w-        c:\windows\es

2012-03-21 21:08 . 2012-03-21 21:08        --------        d-----w-        c:\windows\de

2012-03-21 21:08 . 2012-03-21 21:08        --------        d-----w-        c:\windows\nl

2012-03-21 21:03 . 2012-03-08 17:40        48488        ----a-w-        c:\windows\system32\drivers\fssfltr.sys

2012-03-21 21:03 . 2012-03-21 21:03        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\11d7f7cd1cd07a602\MeshBetaRemover.exe

2012-03-21 21:03 . 2012-03-21 21:03        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\DSETUP.dll

2012-03-21 21:03 . 2012-03-21 21:03        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\DXSETUP.exe

2012-03-21 21:03 . 2012-03-21 21:03        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\dsetup32.dll

2012-03-21 21:03 . 2012-03-21 21:11        --------        d-----w-        c:\users\admin\AppData\Local\Windows Live

2012-03-21 08:15 . 2012-03-21 08:15        --------        d-----w-        c:\programdata\PACE Anti-Piracy

2012-03-21 08:09 . 2012-03-21 08:09        --------        d-----w-        c:\users\Tobias

2012-03-21 08:06 . 2012-03-22 08:14        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-03-21 08:06 . 2012-03-22 08:14        660368        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-21 08:00 . 2012-03-21 08:00        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-03-21 08:00 . 2012-03-21 08:00        --------        d-----r-        c:\program files (x86)\Skype

2012-03-21 07:56 . 2012-03-21 07:56        --------        d-----w-        c:\users\admin\AppData\Local\Secunia PSI

2012-03-18 23:26 . 2012-03-18 23:26        --------        d-----w-        c:\program files (x86)\ESET

2012-03-18 22:49 . 2012-03-18 22:49        --------        d-----w-        c:\users\admin\AppData\Roaming\Malwarebytes

2012-03-18 22:49 . 2012-03-18 22:49        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-18 22:49 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-14 21:17 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-14 21:17 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 21:17 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 17:33 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 17:33 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-03-14 17:33 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 17:32 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-14 17:32 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-14 17:32 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-14 17:32 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-14 17:32 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-14 17:32 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-14 17:32 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-13 20:03 . 2012-03-13 20:03        --------        d-----w-        c:\programdata\ALM

2012-03-13 19:47 . 2012-03-13 19:47        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine

2012-03-13 19:47 . 2012-03-13 19:47        --------        d-----w-        c:\program files (x86)\My Company Name

2012-03-13 19:47 . 2012-03-13 19:47        --------        d-----w-        c:\program files (x86)\Common Files\Sonic Shared

2012-03-13 19:46 . 2012-03-13 20:51        --------        d-----w-        c:\program files\Common Files\Adobe

2012-03-11 16:37 . 2007-12-07 01:08        108032        ----a-w-        c:\windows\system32\E_ILMEFE.DLL

2012-03-11 16:37 . 2007-12-07 01:01        81408        ----a-w-        c:\windows\system32\E_IBCBEFE.DLL

2012-03-11 16:37 . 2007-04-10 00:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL

2012-03-11 16:37 . 2012-03-11 16:37        --------        d-----w-        c:\programdata\EPSON

2012-03-08 21:31 . 2012-03-08 21:31        --------        d-----w-        c:\users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-03-08 17:50 . 2012-03-08 17:50        49016        ----a-w-        c:\windows\SysWow64\sirenacm.dll

2012-03-08 17:37 . 2012-03-08 17:37        302448        ----a-w-        c:\windows\WLXPGSS.SCR

2012-03-08 16:09 . 2012-03-08 16:09        --------        d-----w-        c:\users\admin\AppData\Roaming\GMX

2012-03-08 16:09 . 2012-03-08 16:09        --------        d-----w-        c:\programdata\GMX

2012-03-08 16:09 . 2009-12-02 16:20        135168        ----a-w-        c:\windows\system32\UIGMXMON.DLL

2012-03-01 19:48 . 2012-03-01 20:51        --------        d-----w-        c:\users\admin\AppData\Roaming\FileZilla

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-21 07:58 . 2011-12-01 16:24        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-03-10 18:55 . 2011-12-01 16:18        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-16 19:52 . 2011-12-17 16:08        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-02-11 10:14 . 2012-02-11 10:14        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2012-02-11 10:14 . 2012-02-11 10:14        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2012-02-11 10:14 . 2012-02-11 10:14        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2012-02-11 10:14 . 2012-02-11 10:14        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2012-01-04 22:39 . 2012-01-04 22:39        576536        ----a-r-        c:\users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe

2012-01-04 10:44 . 2012-02-16 19:57        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-16 19:57        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-16 19:57        515584        ----a-w-        c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-16 19:57        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-16 19:57        498688        ----a-w-        c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-12-06 1242448]

"FileHippo.com"="d:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avgnt"="d:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="d:\program files (x86)\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - d:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]

S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 Secunia Update Agent;Secunia Update Agent;d:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-25 c:\windows\Tasks\SDMsgUpdate (TE).job

- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-02-12 18:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxpdy2mc.default\

FF - prefs.js: browser.startup.homepage - www.google.de

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

d:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-25  19:31:15 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-25 17:31

.

Vor Suchlauf: 6.590.414.848 Bytes frei

Nach Suchlauf: 6.412.816.384 Bytes frei

.

- - End Of File - - 17EC91EC6C54864BC71A90196C4E3282

Viele Grüße

Tobias

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hallo Arne,

ich habe den Scan wie beschrieben durchgeführt. Folgendes kam dabei heraus:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-03-28 07:47:15

-----------------------------

07:47:15.793    OS Version: Windows x64 6.1.7601 Service Pack 1

07:47:15.793    Number of processors: 4 586 0x2A07

07:47:15.793    ComputerName: ADMIN-PC  UserName: admin

07:47:15.871    Initialize success

07:48:35.469    AVAST engine defs: 12032702

07:49:35.779    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

07:49:35.779    Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3

07:49:35.794    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

07:49:35.794    Disk 1 Vendor: M4-CT064 0009 Size: 61057MB BusType: 3

07:49:35.794    Disk 1 MBR read successfully

07:49:35.794    Disk 1 MBR scan

07:49:35.794    Disk 1 Windows 7 default MBR code

07:49:35.810    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        61056 MB offset 2048

07:49:35.810    Disk 1 scanning C:\Windows\system32\drivers

07:49:37.729    Service scanning

07:49:42.799    Modules scanning

07:49:42.799    Disk 1 trace - called modules:

07:49:42.799    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

07:49:42.815    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80094b2060]

07:49:42.815    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80082bd050]

07:49:42.924    AVAST engine scan C:\Windows

07:49:43.345    AVAST engine scan C:\Windows\system32

07:50:24.309    AVAST engine scan C:\Windows\system32\drivers

07:50:26.478    AVAST engine scan C:\Users\admin

07:50:28.272    File: C:\Users\admin\AppData\Local\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen

07:50:28.303    File: C:\Users\admin\AppData\Local\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen

07:50:31.829    AVAST engine scan C:\ProgramData

07:50:37.710    Scan finished successfully

07:50:57.023    Disk 1 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"

07:50:57.023    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

Viele Grüße

Tobias

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!