Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundepolizei Trojaner - ...\Temporary Internet Files\Content.IE5\TFYDY7IU\91_217_200_105[1].htm (https://www.trojaner-board.de/112226-bundepolizei-trojaner-temporary-internet-files-content-ie5-tfydy7iu-91_217_200_105-1-htm.html)

covellite 24.03.2012 16:35
Bundepolizei Trojaner - ...\Temporary Internet Files\Content.IE5\TFYDY7IU\91_217_200_105[1].htm
 
Hallo,

also, als Erstes, bitte entschuldigt mein schlechtes Deutsch - das ist nicht meine Muttersprache. Ich werde mein Bestes geben, mich verständlich auszudrucken.

Ich suche Hilfe mit der Entfernung dieses Trojaner. Avira kriegt das nicht hin und ich kenne mich leider nicht damit aus :daumenrunter:

Wenn ich mich mit dem 'Admin' Konto anmelde, erscheint fast sofort diese 'Bundespolizei' Meldung - Task Manager lässt sich nicht ausführen und ich habe keinen Zugriff aufs Desktop.

Habe von einem anderen Konto aus eine Vollständige Systemprüfung mit Avira laufen lassen und den Befund in Quarantäne gestellt - trotzdem bleibt das Problem bestehen.

Habe inzwischen gemerket, das ich beim infizierten Konto mit Alt+Tab zu Windows Explorer wechseln kann. Lass dann Avira nochmal darüber laufen, stelle alles wieder in Quarantäne - gleiches Ergebnis.

3. Versuch mit Avira - diesmal wähle ich 'Löschen' aus. Aber das Problem ist immer noch da.

Ich habe keine Ahnung, was ich als Nächstes tun soll.

Es folgen die gewünschte Log-Dateien. Ich habe die Logs von Avira gezippt und angehängt.

Bin dankbar für jedliche Hilfe!
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 24/03/2012 (Mareike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
Run by Mareike at 15:53:23 on 2012-03-24
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.6053 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskmgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
StartupFolder: C:\Users\Mareike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{718BAB93-B443-45C1-9497-4ADF3B94C612} : DhcpNameServer = 192.168.2.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{AE7CD045-E861-484f-8273-0445EE161910}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [(Standard)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-13 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-13 269480]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-6-21 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-6-21 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-23 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-13 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-03-19 08:38:38        592824        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 08:38:38        44472        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 05:53:47        5559152        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:53:47        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53:47        3913584        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 05:50:54        8643640        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52B71A7E-0919-449C-8D50-5A0AA6607511}\mpengine.dll
2012-03-14 05:50:45        3145728        ----a-w-        C:\Windows\System32\win32k.sys
2012-03-14 05:50:45        1544192        ----a-w-        C:\Windows\System32\DWrite.dll
2012-03-14 05:50:44        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
2012-03-14 05:50:44        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-03-14 05:50:44        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-03-14 05:50:44        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 05:50:44        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 05:50:44        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-03-14 05:50:44        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-03-14 05:50:44        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-03-11 19:23:51        306688        ----a-w-        C:\Windows\IsUninst.exe
.
==================== Find3M  ====================
.
2012-02-23 09:18:36        279656        ------w-        C:\Windows\System32\MpSigStub.exe
2012-02-10 03:14:04        6074176        ----a-w-        C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01        3089728        ----a-w-        C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:03        2561856        ----a-w-        C:\Windows\System32\nvsvcr.dll
2012-02-10 03:07:00        889664        ----a-w-        C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00        63296        ----a-w-        C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00        118080        ----a-w-        C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59        2497985        ----a-w-        C:\Windows\System32\nvcoproc.bin
2012-01-17 12:46:01        31040        ----a-w-        C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56        188224        ----a-w-        C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55        1451840        ----a-w-        C:\Windows\System32\nvhdagenco6420103.dll
2012-01-04 10:44:20        509952        ----a-w-        C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41        442880        ----a-w-        C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08        515584        ----a-w-        C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56        478720        ----a-w-        C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24        498688        ----a-w-        C:\Windows\System32\drivers\afd.sys
2011-12-27 13:51:57        18960        ----a-w-        C:\Windows\System32\drivers\LNonPnP.sys
2011-05-15 05:35:09        12535496        ----a-w-        C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 15:53:42,43 ===============

cosinus 25.03.2012 17:32
Welche Sprache ist denn deine Muttersprache? Niederländisch? :confused:

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

covellite 26.03.2012 07:24
Nee. Ich bin Neuseelander :)

Hier das Log
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mareike :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.03.2012 07:37:23
mbam-log-2012-03-26 (07-37-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496959
Laufzeit: 40 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Admin\AppData\Local\Temp\0.29425783270396944.exe (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.29425783270396944.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Muss jetzt zur Arbeit. ESET Scan mache ich nacher.

cosinus 26.03.2012 12:48
Na, als Neuseeländer wirst du ja Englisch können oder? :)
Wenn es bei dir mit dem Text auf Deutsch nicht immer klappt, dann poste ruhig auf Englisch, das sollte ich auch verstehen :D

covellite 26.03.2012 19:39
Roger that :D

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c14860959cdb594f835fe7b2d542000e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-26 06:34:48
# local_time=2012-03-26 08:34:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 189401 107679082 181692 0
# compatibility_mode=5893 16776574 100 94 723707 84412368 0 0
# compatibility_mode=8192 67108863 100 0 544 544 0 0
# scanned=271313
# found=3
# cleaned=0
# scan_time=4538
C:\Users\Admin\AppData\Local\Temp\Main.class        a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2fb62d5f-242a4104        a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)        00000000000000000000000000000000        I
T:\Important Apps and Drivers\freeripmp3-setup.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

cosinus 26.03.2012 21:16
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

covellite 27.03.2012 06:17
Alles klar. Hier die OTL Ergebnisse.
Code:
OTL logfile created on: 27.03.2012 06:58:26 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Mareike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,78% Memory free
15,95 Gb Paging File | 14,30 Gb Available in Paging File | 89,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 27,66 Gb Free Space | 23,21% Space Free | Partition Type: NTFS
Drive D: | 642,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 7,45 Gb Total Space | 7,44 Gb Free Space | 99,90% Space Free | Partition Type: FAT32
Drive T: | 931,51 Gb Total Space | 790,50 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.27 06:54:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.06.29 08:22:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.23 18:59:18 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2011.06.21 07:05:09 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2011.06.21 07:04:52 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2011.06.20 20:00:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 20:05:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll
MOD - [2012.02.21 19:36:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.21 19:36:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.21 19:36:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.21 19:36:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.21 19:36:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.21 19:35:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.21 19:35:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.21 19:35:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.03 15:10:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.10.22 18:01:18 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011.10.22 14:50:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.21 07:05:09 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2011.06.21 07:04:32 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll
MOD - [2011.06.21 07:04:31 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.29 08:22:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.25 12:08:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.23 18:59:18 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2011.06.21 07:05:09 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011.06.21 07:04:52 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2011.06.20 20:00:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.11.01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.06.29 08:22:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 08:22:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.21 07:04:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.08.10 11:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.15 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.20 21:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 10:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.17 07:46:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.20 21:56:21 | 000,000,000 | ---D | M]
 
[2011.05.13 18:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Extensions
[2012.03.15 09:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\gl03g850.default\extensions
[2012.03.11 11:24:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\gl03g850.default\extensions\support@lastpass.com
[2012.02.22 16:31:58 | 000,000,933 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\11-suche.xml
[2012.02.22 16:31:58 | 000,002,419 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\englische-ergebnisse.xml
[2012.02.22 16:31:58 | 000,010,525 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\gmx-suche.xml
[2012.02.22 16:31:58 | 000,002,457 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\lastminute.xml
[2012.02.22 16:31:58 | 000,005,508 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\webde-suche.xml
[2012.01.16 09:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.15 09:44:05 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.03.19 10:38:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.30 18:38:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 18:38:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 18:38:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 18:38:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 18:38:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 18:38:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\Register\RegistrationReminder.exe (Ubisoft)
O4 - Startup: C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{718BAB93-B443-45C1-9497-4ADF3B94C612}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.04.30 18:57:48 | 000,001,452 | R--- | M] () - D:\Autorun.ini -- [ UDF ]
O32 - AutoRun File - [2001.02.13 02:04:06 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: AthBtTray - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: AtherosBtStack - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 06:54:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
[2012.03.26 19:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.26 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\Mareike\Desktop\Virenbekämpfung
[2012.03.26 07:33:08 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Roaming\Malwarebytes
[2012.03.26 07:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.26 07:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.26 07:32:48 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.26 07:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.12 21:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.12 08:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2011.05.15 07:35:09 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 06:57:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 06:57:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 06:54:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 06:54:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 06:54:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 06:54:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 06:54:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 06:54:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
[2012.03.27 06:50:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 06:50:36 | 2129,350,655 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 16:52:14 | 000,000,000 | ---- | M] () -- C:\Users\Mareike\defogger_reenable
[2012.03.19 11:17:38 | 002,621,370 | ---- | M] () -- C:\Users\Mareike\Desktop\Mareike-Arnold_Arbeitsproben.pdf
[2012.03.14 08:12:25 | 004,889,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 13:09:26 | 014,831,142 | ---- | M] () -- C:\Users\Mareike\Desktop\IMG_001.bmp
 
========== Files Created - No Company Name ==========
 
[2012.03.24 16:52:14 | 000,000,000 | ---- | C] () -- C:\Users\Mareike\defogger_reenable
[2012.03.19 10:50:27 | 002,621,370 | ---- | C] () -- C:\Users\Mareike\Desktop\Mareike-Arnold_Arbeitsproben.pdf
[2012.03.11 21:53:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate
[2012.03.01 13:09:54 | 014,831,142 | ---- | C] () -- C:\Users\Mareike\Desktop\IMG_001.bmp
[2012.01.25 20:15:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.02 20:52:55 | 000,000,218 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.01.02 20:51:55 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.12.26 00:04:49 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.26 00:04:48 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.26 00:04:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.26 00:04:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.26 00:04:48 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.26 00:04:48 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.26 00:04:48 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.26 00:04:48 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.26 00:04:48 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.26 00:04:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.26 00:04:48 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.26 00:04:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.26 00:04:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.26 00:04:48 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.26 00:04:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.26 00:04:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.26 00:04:48 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.26 00:04:48 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.26 00:04:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.26 00:04:13 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V500DEFGIPSRUk.ini
[2011.12.07 02:55:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.07.05 06:21:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.04 07:40:08 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.06.23 19:26:42 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011.06.23 19:25:54 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.06.21 07:06:29 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.21 07:06:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.06.20 20:01:20 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.20 20:00:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.13 17:03:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.13 06:24:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.13 06:24:01 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.25 14:09:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2012.01.02 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011.09.18 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager
[2011.12.26 01:38:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2012.01.20 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2011.10.27 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia Ovi Suite
[2011.10.30 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2011.09.22 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2012.02.10 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.10.04 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2011.12.26 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.03.27 06:52:18 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Dropbox
[2011.07.12 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\elsterformular
[2011.12.20 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\PC Suite
[2011.07.06 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.19 18:59:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.26 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Adobe
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Adobe Mini Bridge CS5.1
[2011.09.13 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Avira
[2011.12.26 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.03.27 06:52:18 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Dropbox
[2011.07.12 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\elsterformular
[2011.05.13 17:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Identities
[2011.05.13 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Intel Corporation
[2011.05.15 07:37:47 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Macromedia
[2012.03.26 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Media Center Programs
[2012.03.27 06:57:56 | 000,000,000 | --SD | M] -- C:\Users\Mareike\AppData\Roaming\Microsoft
[2011.05.13 18:00:22 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Mozilla
[2012.02.23 08:54:00 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\NVIDIA
[2011.12.20 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\PC Suite
[2011.07.06 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.21 13:44:35 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mareike\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.21 13:45:18 | 029,226,840 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware\Local Store\temp\SaalDesignSoftware2.9.2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 828 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

cosinus 27.03.2012 11:39
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=fa0964e100000000000000268312aa4d
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q="
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

covellite 27.03.2012 18:03
Hi Arne,

ich habe den OTL-fix ausgeführt. Unten das Log...
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 1879711404 bytes
->Temporary Internet Files folder emptied: 10200778 bytes
->Java cache emptied: 886054 bytes
->FireFox cache emptied: 314396256 bytes
->Flash cache emptied: 1669 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 314101 bytes
->Temporary Internet Files folder emptied: 49308364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31986819 bytes
->Flash cache emptied: 57336 bytes
 
User: Mareike
->Temp folder emptied: 10227680 bytes
->Temporary Internet Files folder emptied: 383059 bytes
->Java cache emptied: 1396693 bytes
->FireFox cache emptied: 556923325 bytes
->Flash cache emptied: 80902 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28499596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.751,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_182051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 27.03.2012 19:38
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

covellite 27.03.2012 20:35
So gemacht...

Code:
21:31:03.0905 2376        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:31:04.0157 2376        ============================================================
21:31:04.0157 2376        Current date / time: 2012/03/27 21:31:04.0157
21:31:04.0157 2376        SystemInfo:
21:31:04.0157 2376       
21:31:04.0157 2376        OS Version: 6.1.7601 ServicePack: 1.0
21:31:04.0157 2376        Product type: Workstation
21:31:04.0158 2376        ComputerName: ***
21:31:04.0158 2376        UserName: ***
21:31:04.0158 2376        Windows directory: C:\Windows
21:31:04.0158 2376        System windows directory: C:\Windows
21:31:04.0158 2376        Running under WOW64
21:31:04.0158 2376        Processor architecture: Intel x64
21:31:04.0158 2376        Number of processors: 4
21:31:04.0158 2376        Page size: 0x1000
21:31:04.0158 2376        Boot type: Normal boot
21:31:04.0158 2376        ============================================================
21:31:04.0448 2376        Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:04.0449 2376        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:04.0459 2376        \Device\Harddisk0\DR0:
21:31:04.0460 2376        MBR used
21:31:04.0460 2376        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:31:04.0460 2376        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
21:31:04.0460 2376        \Device\Harddisk1\DR1:
21:31:04.0460 2376        MBR used
21:31:04.0460 2376        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:31:04.0503 2376        Initialize success
21:31:04.0503 2376        ============================================================
21:31:37.0327 3376        ============================================================
21:31:37.0327 3376        Scan started
21:31:37.0327 3376        Mode: Manual; SigCheck; TDLFS;
21:31:37.0327 3376        ============================================================
21:31:37.0396 3376        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:31:37.0456 3376        1394ohci - ok
21:31:37.0468 3376        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:31:37.0485 3376        ACPI - ok
21:31:37.0493 3376        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:31:37.0516 3376        AcpiPmi - ok
21:31:37.0529 3376        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:31:37.0550 3376        adp94xx - ok
21:31:37.0562 3376        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:31:37.0580 3376        adpahci - ok
21:31:37.0590 3376        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:31:37.0604 3376        adpu320 - ok
21:31:37.0613 3376        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:31:37.0671 3376        AeLookupSvc - ok
21:31:37.0684 3376        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:31:37.0705 3376        AFD - ok
21:31:37.0713 3376        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:31:37.0724 3376        agp440 - ok
21:31:37.0731 3376        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:31:37.0748 3376        ALG - ok
21:31:37.0755 3376        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:31:37.0765 3376        aliide - ok
21:31:37.0773 3376        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:31:37.0783 3376        amdide - ok
21:31:38.0293 3376        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:31:38.0309 3376        AmdK8 - ok
21:31:38.0316 3376        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:31:38.0331 3376        AmdPPM - ok
21:31:38.0339 3376        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:31:38.0352 3376        amdsata - ok
21:31:38.0361 3376        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:31:38.0375 3376        amdsbs - ok
21:31:38.0382 3376        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:31:38.0392 3376        amdxata - ok
21:31:38.0397 3376        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:31:38.0409 3376        AntiVirSchedulerService - ok
21:31:38.0416 3376        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:31:38.0427 3376        AntiVirService - ok
21:31:38.0435 3376        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:31:38.0477 3376        AppID - ok
21:31:38.0484 3376        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:31:38.0527 3376        AppIDSvc - ok
21:31:38.0535 3376        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:31:38.0576 3376        Appinfo - ok
21:31:38.0584 3376        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:31:38.0596 3376        arc - ok
21:31:38.0605 3376        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:31:38.0616 3376        arcsas - ok
21:31:38.0629 3376        asComSvc        (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
21:31:38.0680 3376        asComSvc - ok
21:31:38.0694 3376        asHmComSvc      (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
21:31:38.0718 3376        asHmComSvc - ok
21:31:38.0725 3376        AsIO            (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
21:31:38.0731 3376        AsIO - ok
21:31:38.0741 3376        AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
21:31:38.0758 3376        AsSysCtrlService - ok
21:31:38.0765 3376        AsUpIO          (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
21:31:38.0772 3376        AsUpIO - ok
21:31:38.0779 3376        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:38.0822 3376        AsyncMac - ok
21:31:38.0830 3376        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:31:38.0840 3376        atapi - ok
21:31:38.0847 3376        AthBTPort      (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
21:31:38.0855 3376        AthBTPort - ok
21:31:38.0862 3376        ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
21:31:38.0871 3376        ATHDFU - ok
21:31:38.0875 3376        AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:31:38.0881 3376        AtherosSvc - ok
21:31:38.0896 3376        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:38.0949 3376        AudioEndpointBuilder - ok
21:31:38.0960 3376        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:39.0009 3376        AudioSrv - ok
21:31:39.0019 3376        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:31:39.0027 3376        avgntflt - ok
21:31:39.0036 3376        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:31:39.0044 3376        avipbb - ok
21:31:39.0053 3376        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:31:39.0079 3376        AxInstSV - ok
21:31:39.0091 3376        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:31:39.0111 3376        b06bdrv - ok
21:31:39.0122 3376        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:31:39.0139 3376        b57nd60a - ok
21:31:39.0149 3376        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:31:39.0164 3376        BDESVC - ok
21:31:39.0172 3376        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:31:39.0214 3376        Beep - ok
21:31:39.0230 3376        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:31:39.0283 3376        BFE - ok
21:31:39.0299 3376        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:31:39.0355 3376        BITS - ok
21:31:39.0363 3376        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:31:39.0377 3376        blbdrive - ok
21:31:39.0386 3376        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:31:39.0399 3376        bowser - ok
21:31:39.0407 3376        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:31:39.0424 3376        BrFiltLo - ok
21:31:39.0431 3376        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:31:39.0448 3376        BrFiltUp - ok
21:31:39.0456 3376        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:31:39.0499 3376        Browser - ok
21:31:39.0510 3376        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:31:39.0530 3376        Brserid - ok
21:31:39.0538 3376        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:31:39.0555 3376        BrSerWdm - ok
21:31:39.0562 3376        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:31:39.0580 3376        BrUsbMdm - ok
21:31:39.0587 3376        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:31:39.0600 3376        BrUsbSer - ok
21:31:39.0611 3376        BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
21:31:39.0623 3376        BTATH_A2DP - ok
21:31:39.0631 3376        BTATH_BUS      (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
21:31:39.0638 3376        BTATH_BUS - ok
21:31:39.0647 3376        BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:31:39.0657 3376        BTATH_HCRP - ok
21:31:39.0665 3376        BTATH_LWFLT    (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:31:39.0673 3376        BTATH_LWFLT - ok
21:31:39.0682 3376        BTATH_RCP      (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:31:39.0691 3376        BTATH_RCP - ok
21:31:39.0703 3376        BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
21:31:39.0715 3376        BtFilter - ok
21:31:39.0723 3376        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:31:39.0737 3376        BthEnum - ok
21:31:39.0745 3376        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:31:39.0762 3376        BTHMODEM - ok
21:31:39.0771 3376        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:31:39.0789 3376        BthPan - ok
21:31:39.0802 3376        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:31:39.0824 3376        BTHPORT - ok
21:31:39.0832 3376        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:31:39.0875 3376        bthserv - ok
21:31:39.0883 3376        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:31:39.0897 3376        BTHUSB - ok
21:31:39.0905 3376        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:31:39.0949 3376        cdfs - ok
21:31:39.0959 3376        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:31:39.0975 3376        cdrom - ok
21:31:39.0983 3376        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:40.0026 3376        CertPropSvc - ok
21:31:40.0034 3376        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:31:40.0052 3376        circlass - ok
21:31:40.0063 3376        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:31:40.0081 3376        CLFS - ok
21:31:40.0086 3376        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:40.0096 3376        clr_optimization_v2.0.50727_32 - ok
21:31:40.0101 3376        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:40.0111 3376        clr_optimization_v2.0.50727_64 - ok
21:31:40.0120 3376        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:31:40.0136 3376        CmBatt - ok
21:31:40.0143 3376        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:31:40.0153 3376        cmdide - ok
21:31:40.0167 3376        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:31:40.0195 3376        CNG - ok
21:31:40.0203 3376        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:31:40.0213 3376        Compbatt - ok
21:31:40.0221 3376        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:31:40.0238 3376        CompositeBus - ok
21:31:40.0245 3376        COMSysApp - ok
21:31:40.0254 3376        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:31:40.0264 3376        crcdisk - ok
21:31:40.0275 3376        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:31:40.0318 3376        CryptSvc - ok
21:31:40.0334 3376        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:40.0388 3376        DcomLaunch - ok
21:31:40.0398 3376        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:31:40.0445 3376        defragsvc - ok
21:31:40.0454 3376        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:31:40.0496 3376        DfsC - ok
21:31:40.0508 3376        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:31:40.0554 3376        Dhcp - ok
21:31:40.0563 3376        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:31:40.0606 3376        discache - ok
21:31:40.0614 3376        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:31:40.0625 3376        Disk - ok
21:31:40.0634 3376        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:31:40.0650 3376        Dnscache - ok
21:31:40.0659 3376        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:31:40.0705 3376        dot3svc - ok
21:31:40.0713 3376        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:31:40.0756 3376        DPS - ok
21:31:40.0763 3376        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:31:40.0780 3376        drmkaud - ok
21:31:40.0799 3376        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:40.0827 3376        DXGKrnl - ok
21:31:40.0839 3376        e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
21:31:40.0852 3376        e1cexpress - ok
21:31:40.0860 3376        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:31:40.0905 3376        EapHost - ok
21:31:40.0948 3376        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:31:41.0015 3376        ebdrv - ok
21:31:41.0023 3376        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:31:41.0036 3376        EFS - ok
21:31:41.0047 3376        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:31:41.0073 3376        ehRecvr - ok
21:31:41.0079 3376        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:31:41.0094 3376        ehSched - ok
21:31:41.0107 3376        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:31:41.0129 3376        elxstor - ok
21:31:41.0137 3376        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:31:41.0150 3376        ErrDev - ok
21:31:41.0165 3376        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:31:41.0214 3376        EventSystem - ok
21:31:41.0224 3376        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:31:41.0269 3376        exfat - ok
21:31:41.0279 3376        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:31:41.0325 3376        fastfat - ok
21:31:41.0333 3376        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:31:41.0347 3376        fdc - ok
21:31:41.0354 3376        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:31:41.0396 3376        fdPHost - ok
21:31:41.0404 3376        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:31:41.0447 3376        FDResPub - ok
21:31:41.0455 3376        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:31:41.0466 3376        FileInfo - ok
21:31:41.0473 3376        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:31:41.0517 3376        Filetrace - ok
21:31:41.0525 3376        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:31:41.0538 3376        flpydisk - ok
21:31:41.0549 3376        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:31:41.0565 3376        FltMgr - ok
21:31:41.0585 3376        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:31:41.0617 3376        FontCache - ok
21:31:41.0622 3376        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:31:41.0630 3376        FontCache3.0.0.0 - ok
21:31:41.0638 3376        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:31:41.0649 3376        FsDepends - ok
21:31:41.0657 3376        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:41.0666 3376        Fs_Rec - ok
21:31:41.0676 3376        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:31:41.0694 3376        fvevol - ok
21:31:41.0702 3376        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:31:41.0713 3376        gagp30kx - ok
21:31:41.0728 3376        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:31:41.0782 3376        gpsvc - ok
21:31:41.0793 3376        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:31:41.0806 3376        hcw85cir - ok
21:31:41.0817 3376        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:31:41.0840 3376        HdAudAddService - ok
21:31:41.0849 3376        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:41.0867 3376        HDAudBus - ok
21:31:41.0875 3376        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:31:41.0889 3376        HidBatt - ok
21:31:41.0897 3376        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:31:41.0915 3376        HidBth - ok
21:31:41.0923 3376        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:31:41.0940 3376        HidIr - ok
21:31:41.0947 3376        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:31:41.0991 3376        hidserv - ok
21:31:41.0999 3376        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:42.0012 3376        HidUsb - ok
21:31:42.0021 3376        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:31:42.0065 3376        hkmsvc - ok
21:31:42.0074 3376        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:31:42.0091 3376        HomeGroupListener - ok
21:31:42.0100 3376        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:31:42.0115 3376        HomeGroupProvider - ok
21:31:42.0123 3376        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:31:42.0134 3376        HpSAMD - ok
21:31:42.0149 3376        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:31:42.0203 3376        HTTP - ok
21:31:42.0211 3376        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:31:42.0220 3376        hwpolicy - ok
21:31:42.0229 3376        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:42.0243 3376        i8042prt - ok
21:31:42.0255 3376        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
21:31:42.0270 3376        iaStor - ok
21:31:42.0274 3376        IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:31:42.0281 3376        IAStorDataMgrSvc - ok
21:31:42.0293 3376        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:31:42.0312 3376        iaStorV - ok
21:31:42.0319 3376        ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
21:31:42.0326 3376        ICCWDT - ok
21:31:42.0340 3376        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:31:42.0365 3376        idsvc - ok
21:31:42.0373 3376        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:31:42.0384 3376        iirsp - ok
21:31:42.0400 3376        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:31:42.0455 3376        IKEEXT - ok
21:31:42.0490 3376        IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
21:31:42.0545 3376        IntcAzAudAddService - ok
21:31:42.0553 3376        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:31:42.0563 3376        intelide - ok
21:31:42.0571 3376        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:42.0584 3376        intelppm - ok
21:31:42.0593 3376        Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
21:31:42.0602 3376        Intel® PROSet Monitoring Service - ok
21:31:42.0610 3376        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:31:42.0655 3376        IPBusEnum - ok
21:31:42.0664 3376        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:42.0706 3376        IpFilterDriver - ok
21:31:42.0720 3376        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:31:42.0770 3376        iphlpsvc - ok
21:31:42.0778 3376        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:31:42.0793 3376        IPMIDRV - ok
21:31:42.0802 3376        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:31:42.0846 3376        IPNAT - ok
21:31:42.0854 3376        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:31:42.0873 3376        IRENUM - ok
21:31:42.0881 3376        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:31:42.0892 3376        isapnp - ok
21:31:42.0902 3376        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:31:42.0917 3376        iScsiPrt - ok
21:31:42.0927 3376        JRAID          (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
21:31:42.0936 3376        JRAID - ok
21:31:42.0944 3376        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:42.0955 3376        kbdclass - ok
21:31:42.0962 3376        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:42.0976 3376        kbdhid - ok
21:31:42.0983 3376        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:42.0996 3376        KeyIso - ok
21:31:43.0004 3376        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:31:43.0016 3376        KSecDD - ok
21:31:43.0025 3376        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:31:43.0038 3376        KSecPkg - ok
21:31:43.0046 3376        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:31:43.0089 3376        ksthunk - ok
21:31:43.0100 3376        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:31:43.0149 3376        KtmRm - ok
21:31:43.0159 3376        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:31:43.0204 3376        LanmanServer - ok
21:31:43.0212 3376        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:31:43.0256 3376        LanmanWorkstation - ok
21:31:43.0266 3376        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
21:31:43.0273 3376        LGBusEnum - ok
21:31:43.0281 3376        LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
21:31:43.0291 3376        LGSHidFilt - ok
21:31:43.0299 3376        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
21:31:43.0306 3376        LGVirHid - ok
21:31:43.0314 3376        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:43.0357 3376        lltdio - ok
21:31:43.0367 3376        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:31:43.0415 3376        lltdsvc - ok
21:31:43.0422 3376        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:31:43.0465 3376        lmhosts - ok
21:31:43.0476 3376        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:31:43.0489 3376        LSI_FC - ok
21:31:43.0498 3376        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:31:43.0510 3376        LSI_SAS - ok
21:31:43.0518 3376        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:31:43.0529 3376        LSI_SAS2 - ok
21:31:43.0538 3376        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:43.0551 3376        LSI_SCSI - ok
21:31:43.0559 3376        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:31:43.0604 3376        luafv - ok
21:31:43.0613 3376        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:31:43.0621 3376        MBAMProtector - ok
21:31:43.0632 3376        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:31:43.0652 3376        MBAMService - ok
21:31:43.0660 3376        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:31:43.0677 3376        Mcx2Svc - ok
21:31:43.0684 3376        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:31:43.0695 3376        megasas - ok
21:31:43.0706 3376        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:31:43.0722 3376        MegaSR - ok
21:31:43.0730 3376        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:31:43.0738 3376        MEIx64 - ok
21:31:43.0745 3376        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:43.0789 3376        MMCSS - ok
21:31:43.0797 3376        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:31:43.0840 3376        Modem - ok
21:31:43.0849 3376        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:31:43.0865 3376        monitor - ok
21:31:43.0874 3376        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:43.0885 3376        mouclass - ok
21:31:43.0893 3376        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:43.0907 3376        mouhid - ok
21:31:43.0915 3376        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:31:43.0927 3376        mountmgr - ok
21:31:43.0936 3376        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:31:43.0949 3376        mpio - ok
21:31:43.0958 3376        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:31:44.0001 3376        mpsdrv - ok
21:31:44.0018 3376        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:31:44.0073 3376        MpsSvc - ok
21:31:44.0083 3376        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:31:44.0104 3376        MRxDAV - ok
21:31:44.0114 3376        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:44.0130 3376        mrxsmb - ok
21:31:44.0141 3376        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:44.0158 3376        mrxsmb10 - ok
21:31:44.0167 3376        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:44.0181 3376        mrxsmb20 - ok
21:31:44.0189 3376        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:31:44.0199 3376        msahci - ok
21:31:44.0207 3376        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:31:44.0220 3376        msdsm - ok
21:31:44.0228 3376        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:31:44.0245 3376        MSDTC - ok
21:31:44.0254 3376        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:31:44.0297 3376        Msfs - ok
21:31:44.0304 3376        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:31:44.0347 3376        mshidkmdf - ok
21:31:44.0355 3376        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:31:44.0365 3376        msisadrv - ok
21:31:44.0374 3376        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:31:44.0424 3376        MSiSCSI - ok
21:31:44.0431 3376        msiserver - ok
21:31:44.0440 3376        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:44.0483 3376        MSKSSRV - ok
21:31:44.0491 3376        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:44.0534 3376        MSPCLOCK - ok
21:31:44.0542 3376        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:31:44.0585 3376        MSPQM - ok
21:31:44.0596 3376        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:31:44.0614 3376        MsRPC - ok
21:31:44.0624 3376        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:31:44.0634 3376        mssmbios - ok
21:31:44.0641 3376        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:31:44.0684 3376        MSTEE - ok
21:31:44.0691 3376        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:31:44.0704 3376        MTConfig - ok
21:31:44.0712 3376        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:31:44.0723 3376        Mup - ok
21:31:44.0734 3376        mv91xx          (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
21:31:44.0748 3376        mv91xx - ok
21:31:44.0761 3376        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:31:44.0810 3376        napagent - ok
21:31:44.0822 3376        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:44.0847 3376        NativeWifiP - ok
21:31:44.0866 3376        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:31:44.0896 3376        NDIS - ok
21:31:44.0905 3376        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:44.0948 3376        NdisCap - ok
21:31:44.0956 3376        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:44.0998 3376        NdisTapi - ok
21:31:45.0006 3376        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:45.0048 3376        Ndisuio - ok
21:31:45.0058 3376        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:45.0102 3376        NdisWan - ok
21:31:45.0110 3376        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:31:45.0152 3376        NDProxy - ok
21:31:45.0160 3376        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:31:45.0203 3376        NetBIOS - ok
21:31:45.0213 3376        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:31:45.0258 3376        NetBT - ok
21:31:45.0265 3376        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:45.0278 3376        Netlogon - ok
21:31:45.0289 3376        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:31:45.0337 3376        Netman - ok
21:31:45.0350 3376        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:31:45.0405 3376        netprofm - ok
21:31:45.0411 3376        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:45.0421 3376        NetTcpPortSharing - ok
21:31:45.0429 3376        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:31:45.0440 3376        nfrd960 - ok
21:31:45.0450 3376        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:31:45.0496 3376        NlaSvc - ok
21:31:45.0508 3376        nmwcd          (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
21:31:45.0537 3376        nmwcd - ok
21:31:45.0546 3376        nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
21:31:45.0573 3376        nmwcdc - ok
21:31:45.0581 3376        nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
21:31:45.0609 3376        nmwcdnsucx64 - ok
21:31:45.0619 3376        nmwcdnsux64    (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
21:31:45.0649 3376        nmwcdnsux64 - ok
21:31:45.0657 3376        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:31:45.0700 3376        Npfs - ok
21:31:45.0708 3376        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:31:45.0751 3376        nsi - ok
21:31:45.0759 3376        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:31:45.0802 3376        nsiproxy - ok
21:31:45.0832 3376        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:31:45.0880 3376        Ntfs - ok
21:31:45.0888 3376        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:31:45.0931 3376        Null - ok
21:31:45.0940 3376        nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:31:45.0952 3376        nusb3hub - ok
21:31:45.0962 3376        nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:31:45.0974 3376        nusb3xhc - ok
21:31:45.0985 3376        NVHDA          (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
21:31:45.0996 3376        NVHDA - ok
21:31:46.0146 3376        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:46.0412 3376        nvlddmkm - ok
21:31:46.0424 3376        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:31:46.0437 3376        nvraid - ok
21:31:46.0447 3376        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:31:46.0460 3376        nvstor - ok
21:31:46.0477 3376        nvsvc          (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
21:31:46.0503 3376        nvsvc - ok
21:31:46.0531 3376        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:31:46.0588 3376        nvUpdatusService - ok
21:31:46.0598 3376        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:31:46.0610 3376        nv_agp - ok
21:31:46.0618 3376        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:31:46.0632 3376        ohci1394 - ok
21:31:46.0637 3376        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:46.0646 3376        ose - ok
21:31:46.0657 3376        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:46.0679 3376        p2pimsvc - ok
21:31:46.0691 3376        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:31:46.0711 3376        p2psvc - ok
21:31:46.0720 3376        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:31:46.0734 3376        Parport - ok
21:31:46.0743 3376        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:31:46.0753 3376        partmgr - ok
21:31:46.0762 3376        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:31:46.0784 3376        PcaSvc - ok
21:31:46.0794 3376        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:31:46.0806 3376        pccsmcfd - ok
21:31:46.0816 3376        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:31:46.0830 3376        pci - ok
21:31:46.0838 3376        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:31:46.0848 3376        pciide - ok
21:31:46.0858 3376        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:31:46.0872 3376        pcmcia - ok
21:31:46.0880 3376        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:31:46.0890 3376        pcw - ok
21:31:46.0904 3376        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:31:46.0957 3376        PEAUTH - ok
21:31:46.0967 3376        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:31:46.0981 3376        PerfHost - ok
21:31:47.0009 3376        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:31:47.0075 3376        pla - ok
21:31:47.0088 3376        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:31:47.0110 3376        PlugPlay - ok
21:31:47.0118 3376        PnkBstrA - ok
21:31:47.0126 3376        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:31:47.0140 3376        PNRPAutoReg - ok
21:31:47.0150 3376        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:47.0167 3376        PNRPsvc - ok
21:31:47.0180 3376        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:31:47.0229 3376        PolicyAgent - ok
21:31:47.0240 3376        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:31:47.0286 3376        Power - ok
21:31:47.0295 3376        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:31:47.0338 3376        PptpMiniport - ok
21:31:47.0347 3376        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:31:47.0361 3376        Processor - ok
21:31:47.0371 3376        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:31:47.0416 3376        ProfSvc - ok
21:31:47.0423 3376        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:47.0436 3376        ProtectedStorage - ok
21:31:47.0446 3376        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:31:47.0488 3376        Psched - ok
21:31:47.0514 3376        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:31:47.0559 3376        ql2300 - ok
21:31:47.0569 3376        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:31:47.0582 3376        ql40xx - ok
21:31:47.0592 3376        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:31:47.0616 3376        QWAVE - ok
21:31:47.0624 3376        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:31:47.0644 3376        QWAVEdrv - ok
21:31:47.0651 3376        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:31:47.0694 3376        RasAcd - ok
21:31:47.0702 3376        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:47.0745 3376        RasAgileVpn - ok
21:31:47.0754 3376        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:31:47.0799 3376        RasAuto - ok
21:31:47.0808 3376        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:47.0852 3376        Rasl2tp - ok
21:31:47.0862 3376        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:31:47.0910 3376        RasMan - ok
21:31:47.0919 3376        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:47.0963 3376        RasPppoe - ok
21:31:47.0971 3376        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:31:48.0015 3376        RasSstp - ok
21:31:48.0026 3376        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:31:48.0072 3376        rdbss - ok
21:31:48.0079 3376        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:31:48.0096 3376        rdpbus - ok
21:31:48.0104 3376        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:48.0145 3376        RDPCDD - ok
21:31:48.0155 3376        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:31:48.0198 3376        RDPENCDD - ok
21:31:48.0208 3376        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:31:48.0249 3376        RDPREFMP - ok
21:31:48.0259 3376        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:31:48.0275 3376        RDPWD - ok
21:31:48.0286 3376        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:31:48.0300 3376        rdyboost - ok
21:31:48.0309 3376        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:31:48.0353 3376        RemoteAccess - ok
21:31:48.0362 3376        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:31:48.0409 3376        RemoteRegistry - ok
21:31:48.0418 3376        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:31:48.0437 3376        RFCOMM - ok
21:31:48.0445 3376        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:31:48.0490 3376        RpcEptMapper - ok
21:31:48.0498 3376        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:31:48.0512 3376        RpcLocator - ok
21:31:48.0525 3376        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:48.0574 3376        RpcSs - ok
21:31:48.0583 3376        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:31:48.0627 3376        rspndr - ok
21:31:48.0634 3376        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:48.0647 3376        SamSs - ok
21:31:48.0656 3376        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:31:48.0668 3376        sbp2port - ok
21:31:48.0677 3376        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:31:48.0723 3376        SCardSvr - ok
21:31:48.0732 3376        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:31:48.0773 3376        scfilter - ok
21:31:48.0792 3376        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:31:48.0853 3376        Schedule - ok
21:31:48.0862 3376        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:48.0903 3376        SCPolicySvc - ok
21:31:48.0912 3376        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:31:48.0929 3376        SDRSVC - ok
21:31:48.0937 3376        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:31:48.0980 3376        secdrv - ok
21:31:48.0987 3376        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:31:49.0029 3376        seclogon - ok
21:31:49.0037 3376        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:31:49.0081 3376        SENS - ok
21:31:49.0089 3376        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:31:49.0103 3376        SensrSvc - ok
21:31:49.0112 3376        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:31:49.0125 3376        Serenum - ok
21:31:49.0134 3376        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:31:49.0149 3376        Serial - ok
21:31:49.0158 3376        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:31:49.0172 3376        sermouse - ok
21:31:49.0183 3376        ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
21:31:49.0207 3376        ServiceLayer - ok
21:31:49.0222 3376        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:31:49.0266 3376        SessionEnv - ok
21:31:49.0274 3376        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:31:49.0291 3376        sffdisk - ok
21:31:49.0298 3376        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:31:49.0315 3376        sffp_mmc - ok
21:31:49.0323 3376        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:31:49.0340 3376        sffp_sd - ok
21:31:49.0347 3376        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:31:49.0361 3376        sfloppy - ok
21:31:49.0373 3376        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:31:49.0422 3376        SharedAccess - ok
21:31:49.0434 3376        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:31:49.0483 3376        ShellHWDetection - ok
21:31:49.0492 3376        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:31:49.0502 3376        SiSRaid2 - ok
21:31:49.0511 3376        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:31:49.0523 3376        SiSRaid4 - ok
21:31:49.0531 3376        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:31:49.0575 3376        Smb - ok
21:31:49.0585 3376        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:31:49.0600 3376        SNMPTRAP - ok
21:31:49.0608 3376        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:31:49.0617 3376        spldr - ok
21:31:49.0631 3376        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:31:49.0680 3376        Spooler - ok
21:31:49.0728 3376        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:31:49.0828 3376        sppsvc - ok
21:31:49.0837 3376        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:31:49.0882 3376        sppuinotify - ok
21:31:49.0890 3376        Spyder3        (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\DRIVERS\Spyder3.sys
21:31:49.0902 3376        Spyder3 - ok
21:31:49.0915 3376        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:31:49.0936 3376        srv - ok
21:31:49.0949 3376        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:31:49.0968 3376        srv2 - ok
21:31:49.0978 3376        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:31:49.0993 3376        srvnet - ok
21:31:50.0003 3376        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:31:50.0048 3376        SSDPSRV - ok
21:31:50.0056 3376        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:31:50.0101 3376        SstpSvc - ok
21:31:50.0105 3376        Steam Client Service - ok
21:31:50.0114 3376        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:31:50.0124 3376        stexstor - ok
21:31:50.0138 3376        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:31:50.0168 3376        stisvc - ok
21:31:50.0176 3376        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:31:50.0185 3376        swenum - ok
21:31:50.0196 3376        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:31:50.0212 3376        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:31:50.0212 3376        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:31:50.0225 3376        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:31:50.0277 3376        swprv - ok
21:31:50.0305 3376        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:31:50.0356 3376        SysMain - ok
21:31:50.0365 3376        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:31:50.0387 3376        TabletInputService - ok
21:31:50.0398 3376        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:31:50.0444 3376        TapiSrv - ok
21:31:50.0453 3376        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:31:50.0496 3376        TBS - ok
21:31:50.0526 3376        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:31:50.0580 3376        Tcpip - ok
21:31:50.0611 3376        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:31:50.0656 3376        TCPIP6 - ok
21:31:50.0666 3376        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:31:50.0708 3376        tcpipreg - ok
21:31:50.0718 3376        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:31:50.0730 3376        TDPIPE - ok
21:31:50.0738 3376        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:31:50.0751 3376        TDTCP - ok
21:31:50.0760 3376        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:31:50.0803 3376        tdx - ok
21:31:50.0812 3376        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:31:50.0822 3376        TermDD - ok
21:31:50.0838 3376        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:31:50.0891 3376        TermService - ok
21:31:50.0899 3376        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:31:50.0920 3376        Themes - ok
21:31:50.0928 3376        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:50.0971 3376        THREADORDER - ok
21:31:50.0980 3376        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:31:51.0025 3376        TrkWks - ok
21:31:51.0032 3376        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:31:51.0076 3376        TrustedInstaller - ok
21:31:51.0087 3376        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:51.0129 3376        tssecsrv - ok
21:31:51.0138 3376        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:31:51.0151 3376        TsUsbFlt - ok
21:31:51.0159 3376        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:31:51.0172 3376        TsUsbGD - ok
21:31:51.0181 3376        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:31:51.0223 3376        tunnel - ok
21:31:51.0232 3376        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:31:51.0242 3376        uagp35 - ok
21:31:51.0254 3376        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:31:51.0300 3376        udfs - ok
21:31:51.0312 3376        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:31:51.0327 3376        UI0Detect - ok
21:31:51.0335 3376        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:31:51.0346 3376        uliagpkx - ok
21:31:51.0354 3376        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:31:51.0368 3376        umbus - ok
21:31:51.0376 3376        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:31:51.0389 3376        UmPass - ok
21:31:51.0400 3376        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:31:51.0448 3376        upnphost - ok
21:31:51.0457 3376        upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:31:51.0485 3376        upperdev - ok
21:31:51.0494 3376        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:51.0508 3376        usbccgp - ok
21:31:51.0517 3376        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:31:51.0535 3376        usbcir - ok
21:31:51.0543 3376        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:31:51.0556 3376        usbehci - ok
21:31:51.0568 3376        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:31:51.0587 3376        usbhub - ok
21:31:51.0595 3376        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:31:51.0608 3376        usbohci - ok
21:31:51.0616 3376        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:31:51.0633 3376        usbprint - ok
21:31:51.0641 3376        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:31:51.0659 3376        usbscan - ok
21:31:51.0667 3376        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
21:31:51.0681 3376        usbser - ok
21:31:51.0690 3376        UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:31:51.0716 3376        UsbserFilt - ok
21:31:51.0725 3376        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:51.0739 3376        USBSTOR - ok
21:31:51.0748 3376        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:31:51.0761 3376        usbuhci - ok
21:31:51.0769 3376        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:31:51.0813 3376        UxSms - ok
21:31:51.0821 3376        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:51.0834 3376        VaultSvc - ok
21:31:51.0842 3376        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:31:51.0852 3376        vdrvroot - ok
21:31:51.0866 3376        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:31:51.0917 3376        vds - ok
21:31:51.0925 3376        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:51.0942 3376        vga - ok
21:31:51.0950 3376        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:31:51.0993 3376        VgaSave - ok
21:31:52.0004 3376        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:31:52.0019 3376        vhdmp - ok
21:31:52.0027 3376        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:31:52.0037 3376        viaide - ok
21:31:52.0046 3376        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:31:52.0057 3376        volmgr - ok
21:31:52.0069 3376        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:31:52.0087 3376        volmgrx - ok
21:31:52.0098 3376        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:31:52.0114 3376        volsnap - ok
21:31:52.0124 3376        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:31:52.0137 3376        vsmraid - ok
21:31:52.0163 3376        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:31:52.0230 3376        VSS - ok
21:31:52.0239 3376        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:31:52.0256 3376        vwifibus - ok
21:31:52.0268 3376        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:31:52.0317 3376        W32Time - ok
21:31:52.0328 3376        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:31:52.0342 3376        WacomPen - ok
21:31:52.0351 3376        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:52.0393 3376        WANARP - ok
21:31:52.0397 3376        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:52.0439 3376        Wanarpv6 - ok
21:31:52.0464 3376        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:31:52.0503 3376        wbengine - ok
21:31:52.0514 3376        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:31:52.0538 3376        WbioSrvc - ok
21:31:52.0550 3376        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:31:52.0577 3376        wcncsvc - ok
21:31:52.0585 3376        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:31:52.0599 3376        WcsPlugInService - ok
21:31:52.0607 3376        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:31:52.0618 3376        Wd - ok
21:31:52.0633 3376        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:31:52.0658 3376        Wdf01000 - ok
21:31:52.0667 3376        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:52.0698 3376        WdiServiceHost - ok
21:31:52.0702 3376        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:52.0723 3376        WdiSystemHost - ok
21:31:52.0734 3376        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:31:52.0760 3376        WebClient - ok
21:31:52.0770 3376        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:31:52.0818 3376        Wecsvc - ok
21:31:52.0826 3376        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:31:52.0870 3376        wercplsupport - ok
21:31:52.0879 3376        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:31:52.0923 3376        WerSvc - ok
21:31:52.0931 3376        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:52.0973 3376        WfpLwf - ok
21:31:52.0981 3376        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:31:52.0991 3376        WIMMount - ok
21:31:52.0994 3376        WinDefend - ok
21:31:52.0999 3376        WinHttpAutoProxySvc - ok
21:31:53.0011 3376        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:31:53.0056 3376        Winmgmt - ok
21:31:53.0087 3376        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:31:53.0164 3376        WinRM - ok
21:31:53.0177 3376        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:31:53.0194 3376        WinUsb - ok
21:31:53.0211 3376        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:31:53.0247 3376        Wlansvc - ok
21:31:53.0256 3376        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:31:53.0269 3376        WmiAcpi - ok
21:31:53.0281 3376        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:31:53.0298 3376        wmiApSrv - ok
21:31:53.0301 3376        WMPNetworkSvc - ok
21:31:53.0310 3376        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:31:53.0324 3376        WPCSvc - ok
21:31:53.0333 3376        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:31:53.0350 3376        WPDBusEnum - ok
21:31:53.0358 3376        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:31:53.0400 3376        ws2ifsl - ok
21:31:53.0408 3376        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:31:53.0430 3376        wscsvc - ok
21:31:53.0436 3376        WSearch - ok
21:31:53.0473 3376        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:31:53.0556 3376        wuauserv - ok
21:31:53.0566 3376        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:31:53.0609 3376        WudfPf - ok
21:31:53.0619 3376        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:53.0662 3376        WUDFRd - ok
21:31:53.0671 3376        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:31:53.0714 3376        wudfsvc - ok
21:31:53.0724 3376        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:31:53.0748 3376        WwanSvc - ok
21:31:53.0756 3376        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:31:53.0787 3376        \Device\Harddisk0\DR0 - ok
21:31:53.0800 3376        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:31:53.0860 3376        \Device\Harddisk1\DR1 - ok
21:31:53.0862 3376        Boot (0x1200)  (7a4a73f933c76a907f73f54e5100c927) \Device\Harddisk0\DR0\Partition0
21:31:53.0863 3376        \Device\Harddisk0\DR0\Partition0 - ok
21:31:53.0866 3376        Boot (0x1200)  (9867455a6cc1449b58b13e4bd4d3c71f) \Device\Harddisk0\DR0\Partition1
21:31:53.0867 3376        \Device\Harddisk0\DR0\Partition1 - ok
21:31:53.0870 3376        Boot (0x1200)  (60a121c2727f99c00fa2447eeff7eef1) \Device\Harddisk1\DR1\Partition0
21:31:53.0871 3376        \Device\Harddisk1\DR1\Partition0 - ok
21:31:53.0871 3376        ============================================================
21:31:53.0871 3376        Scan finished
21:31:53.0871 3376        ============================================================
21:31:53.0880 3200        Detected object count: 1
21:31:53.0880 3200        Actual detected object count: 1
21:32:07.0697 3200        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0697 3200        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 27.03.2012 21:05
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

covellite 27.03.2012 21:33
Ok. Auch das ist jetzt erledigt.
Code:
ComboFix 12-03-27.03 - Mareike 27.03.2012  22:13:16.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8169.7097 [GMT 2:00]
ausgeführt von:: c:\users\Mareike\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 20:19 . 2012-03-27 20:19        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19        --------        d-----w-        c:\users\Mareike\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2012-03-27 16:56 . 2012-03-27 16:56        --------        d-----w-        c:\users\Mareike\AppData\Local\VirtualStore
2012-03-27 16:20 . 2012-03-27 16:20        --------        d-----w-        C:\_OTL
2012-03-26 17:12 . 2012-03-26 17:12        --------        d-----w-        c:\program files (x86)\ESET
2012-03-26 05:33 . 2012-03-26 05:33        --------        d-----w-        c:\users\Mareike\AppData\Roaming\Malwarebytes
2012-03-26 05:32 . 2012-03-26 05:32        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-26 05:32 . 2012-03-26 05:32        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 05:32 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-19 08:38 . 2012-03-19 08:38        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 08:38 . 2012-03-19 08:38        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 05:53 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 05:53 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 05:50 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B71A7E-0919-449C-8D50-5A0AA6607511}\mpengine.dll
2012-03-14 05:50 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 05:50 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 05:50 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 05:50 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 05:50 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 05:50 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 05:50 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 05:50 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 05:50 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:50 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-11 19:23 . 1998-10-29 15:45        306688        ----a-w-        c:\windows\IsUninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 18:19        962368        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-22 18:19        812352        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-22 18:19        8008000        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 18:19        7713088        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 18:19        68928        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 18:19        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 18:19        5892928        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 18:19        364352        ----a-w-        c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-22 18:19        301376        ----a-w-        c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-22 18:19        2872640        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 18:19        2672448        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 18:19        260416        ----a-w-        c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-22 18:19        25222976        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 18:19        2517312        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 18:19        2437440        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 18:19        2301248        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2012-02-22 18:19        215360        ----a-w-        c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-22 18:19        19443520        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 18:19        17642816        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-22 18:19        17543488        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 18:19        1737536        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-22 18:19        1466176        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-02-22 18:19        13624128        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-05-21 04:01        25541952        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2011-05-21 04:01        15009600        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2010-07-31 14:46        9717568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2010-07-31 14:46        2660160        ----a-w-        c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2010-07-31 06:52        6074176        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2010-07-31 06:52        3089728        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2010-07-31 06:52        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2010-07-31 06:52        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2010-07-31 06:52        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-10 03:07 . 2010-07-31 06:52        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-10 03:05 . 2012-02-22 18:20        2497985        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-01-17 12:46 . 2012-02-22 18:19        31040        ----a-w-        c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-22 18:19        188224        ----a-w-        c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-22 18:19        1451840        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2012-01-04 10:44 . 2012-02-21 17:06        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-21 17:06        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-21 17:06        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-21 17:06        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-05-15 05:35 . 2011-05-15 05:35        12535496        ----a-w-        c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        94208        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-06-23 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-06-21 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-06-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26980425
*Deregistered* - 26980425
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02        97792        ----a-w-        c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Baldur's Gate - t:\programme\black isle\baldur's gate\Uninst.isu
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{B442D7D6-5153-4DBC-954D-BFFAACACDFDC}_is1 - t:\programme\SteamTool\unins000.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-27  22:30:59
ComboFix-quarantined-files.txt  2012-03-27 20:30
.
Vor Suchlauf: 10 Verzeichnis(se), 31.928.819.712 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 31.877.885.952 Bytes frei
.
- - End Of File - - 4156F7F7A7621490512B319FF78A65CA

cosinus 28.03.2012 10:06
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

covellite 28.03.2012 17:29
Ok. Fertig.
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 18:19:37
-----------------------------
18:19:37.385    OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:37.385    Number of processors: 4 586 0x2A07
18:19:37.385    ComputerName: ADMIN-PC  UserName: Mareike
18:19:37.539    Initialize success
18:20:35.016    AVAST engine defs: 12032801
18:20:45.801    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:20:45.803    Disk 0 Vendor: C300-CTF 0006 Size: 122104MB BusType: 3
18:20:45.806    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:20:45.808    Disk 1 Vendor: SAMSUNG_ 1AG0 Size: 953869MB BusType: 3
18:20:45.812    Disk 0 MBR read successfully
18:20:45.815    Disk 0 MBR scan
18:20:45.819    Disk 0 Windows 7 default MBR code
18:20:45.822    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:20:45.827    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      122002 MB offset 206848
18:20:45.835    Disk 0 scanning C:\Windows\system32\drivers
18:20:49.121    Service scanning
18:20:56.720    Modules scanning
18:20:56.729    Disk 0 trace - called modules:
18:20:57.536    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:20:57.541    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c97060]
18:20:57.546    3 CLASSPNP.SYS[fffff88001da343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006d1c050]
18:20:57.698    AVAST engine scan C:\Windows
18:20:58.432    AVAST engine scan C:\Windows\system32
18:21:59.876    AVAST engine scan C:\Windows\system32\drivers
18:22:03.600    AVAST engine scan C:\Users\Mareike
18:22:11.073    AVAST engine scan C:\ProgramData
18:22:17.099    Scan finished successfully
18:24:43.732    Disk 0 MBR has been saved successfully to "C:\Users\Mareike\Desktop\MBR.dat"
18:24:43.737    The log file has been saved successfully to "C:\Users\Mareike\Desktop\aswMBR.txt"


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:22 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28