Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
    -   TR/Mediyes.EB.1 & TR/ATRAPS.Gen (https://www.trojaner-board.de/116308-tr-mediyes-eb-1-tr-atraps-gen.html)

Cersus 02.06.2012 19:28

TR/Mediyes.EB.1 & TR/ATRAPS.Gen
 
I have found that my computer is infected with the trojans TR/Mediyes.EB.1 and TR/ATRAPS.Gen. What should I do now?

Thanks for the help


OTL log:
Code:

OTL logfile created on: 01.06.2012 22:12:24 - Run 2
OTL by OldTimer - Version 3.2.45.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 13.18 Gb Available Physical Memory | 82.45% Memory free
31.96 Gb Paging File | 28.83 Gb Available in Paging File | 90.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.67 Gb Total Space | 680.09 Gb Free Space | 74.35% Space Free | Partition Type: NTFS
 
Computer Name: ULTRA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avformat-54.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avcodec-54.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (stllssvr) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dyqd21c.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D5F8CA5-7AFF-4038-9CEB-E03F84F088AA}: DhcpNameServer = 10.72.0.68 10.72.0.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57A9FC1-3BF3-4CD8-A14B-A3AE005A61BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAC56686-ECD0-4946-B81D-A473D51AD4AE}: DhcpNameServer = 10.9.11.21 10.9.11.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 21:43:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.18 11:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.05.15 14:53:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Curse
[2012.05.15 14:50:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.05.13 18:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.13 18:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 18:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.12 11:33:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.12 11:33:25 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.12 11:33:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.12 11:33:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.08 17:48:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SniperV2
[2012.05.08 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SKIDROW
[2012.05.08 17:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012.05.08 17:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012.05.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\jagexcache
[2012.05.04 20:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.04 20:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.04 20:26:10 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 22:12:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
[2012.06.01 22:10:52 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.01 22:08:06 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.01 21:43:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.01 19:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 17:01:37 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
[2012.06.01 16:48:40 | 000,002,371 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.06.01 16:47:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.05.31 18:16:58 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 18:16:58 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 18:12:52 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 18:12:52 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 18:12:52 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 18:12:52 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 18:12:52 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 18:08:28 | 4281,131,006 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 23:02:28 | 000,257,541 | ---- | M] () -- C:\Users\***\Documents\000.ducksauce-barbrastcof5.jpg
[2012.05.18 11:59:21 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.13 10:20:22 | 004,878,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 21:11:40 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:11:40 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.08 17:44:04 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012.05.07 18:42:45 | 000,000,001 | ---- | M] () -- C:\Users\***\random.dat
[2012.05.07 18:42:03 | 000,000,046 | ---- | M] () -- C:\Users\***\jagex_cl_runescape_LIVE.dat
[2012.05.06 12:52:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.04 20:26:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 20:26:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.06.01 22:10:52 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.01 22:08:06 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.29 23:02:29 | 000,257,541 | ---- | C] () -- C:\Users\***\Documents\000.ducksauce-barbrastcof5.jpg
[2012.05.18 11:12:24 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.08 17:44:04 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012.05.07 18:42:03 | 000,000,046 | ---- | C] () -- C:\Users\***\jagex_cl_runescape_LIVE.dat
[2012.05.07 18:42:03 | 000,000,001 | ---- | C] () -- C:\Users\***\random.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.19 18:33:50 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.19 18:33:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.26 23:59:46 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.11.29 20:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.29 20:28:02 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.11.29 20:28:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.11.29 20:28:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.11.29 20:28:01 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.29 20:28:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.10 16:33:46 | 001,591,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.05.23 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.04.30 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Nitrous
[2012.05.30 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.12.26 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fingertapps
[2012.02.26 23:26:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.04.24 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2012.03.04 00:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2012.04.21 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.12.26 01:08:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.19 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.04.30 14:25:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MinecraftTools
[2011.12.26 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.01.19 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2012.05.21 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.26 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.03.10 00:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.01.11 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.12.26 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4
[2012.05.06 12:52:03 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.20 10:35:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.01 16:47:13 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >

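A helper reading a log like the one above does a first pass by eye for two recurring patterns in OTL's output: entries whose binary carries no company name (the trailing `()`) and entries whose target is reported as `File not found`. The following Python script is an added example written for this page, not part of the original post and not OTL's own code; it parses lines in OTL's format and lists those two patterns for manual review. The sample lines are constructed for the example, modelled on the posted log, and a flagged line is a triage hint (check the vendor, the file's signature and its hash), not a malware verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format (modelled on the posted log, not a copy of it).
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dyqd21c.dll File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
"""

# OTL prefixes we care about: process, module, service, driver, browser and the O-numbered
# registry/autostart sections. The optional ":64bit:" tag marks the 64-bit view of the hive.
PREFIX_RE = re.compile(r"^(PRC|MOD|SRV|DRV|IE|FF|CHR|O\d+)(?::64bit:)?\s*-")

# OTL prints the PE's company name in parentheses at the very end of the line; "()" means
# the binary carries no company name. Anchoring at end-of-line keeps "(x86)" in paths out of it.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")

ORPHANED = "orphaned entry: target file missing"
NO_COMPANY = "no company name on module/binary"


@dataclass
class Finding:
    prefix: str   # OTL section the line belongs to, e.g. "PRC" or "O10"
    reason: str   # one of ORPHANED / NO_COMPANY
    line: str     # the original log line, for the reviewer


def triage_otl(text):
    """Return the lines of an OTL log that deserve a manual second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PREFIX_RE.match(line)
        if m is None:
            continue  # headers, file listings and free text are skipped
        prefix = m.group(1)
        if line.endswith("File not found"):
            # A registry entry that still points at a deleted/renamed file.
            findings.append(Finding(prefix, ORPHANED, line))
            continue
        cm = COMPANY_RE.search(line)
        if cm is not None and cm.group(1).strip() == "":
            findings.append(Finding(prefix, NO_COMPANY, line))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count} for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_otl(SAMPLE_LOG)
    for f in results:
        print(f"[{f.prefix:>4}] {f.reason}: {f.line}")
    print(count_by_reason(results))
```

Run against the constructed sample, the script reports three lines: the PunkBuster process with an empty company field, the empty `HKLM\..\Run` value, and the Winsock namespace entry whose DLL is missing. Feeding it the full posted log instead gives the helper a short list to start from rather than 350 lines to scan by hand.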

Psychotic 03.06.2012 23:16


My name is Marius and I will help you with your problem.

First of all:

Note: We can never guarantee here that we have found every remnant of malware. A reformat is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work on your part.
  1. Please work through all the steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no cross-posting (posting in several forums) - if you follow the instructions of several helpers, it can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you are asked to).
  6. If something is unclear: ask before you do anything "blindly"!

    ...and very important:

  7. Post the log files directly in your thread. Do not attach them unless I ask you to. (That makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.



Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\) For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.

Cersus 04.06.2012 17:23

I followed your steps; here are the log files:

aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-04 18:06:01
-----------------------------
18:06:01.613    OS Version: Windows x64 6.1.7601 Service Pack 1
18:06:01.613    Number of processors: 8 586 0x2A07
18:06:01.613    ComputerName: ULTRA  UserName:
18:06:03.267    Initialize success
18:06:05.872    AVAST engine defs: 12060400
18:06:08.493    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:06:08.493    Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
18:06:08.493    Disk 0 MBR read successfully
18:06:08.493    Disk 0 MBR scan
18:06:08.508    Disk 0 Windows 7 default MBR code
18:06:08.508    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      180 MB offset 63
18:06:08.524    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        17066 MB offset 370688
18:06:08.539    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      936627 MB offset 35321856
18:06:08.539    Disk 0 scanning C:\Windows\system32\drivers
18:06:17.915    Service scanning
18:06:32.563    Modules scanning
18:06:32.563    Disk 0 trace - called modules:
18:06:32.579    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:06:32.579    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f365790]
18:06:32.579    3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d871050]
18:06:33.234    AVAST engine scan C:\Windows
18:06:34.545    AVAST engine scan C:\Windows\system32
18:09:43.742    AVAST engine scan C:\Windows\system32\drivers
18:09:54.007    AVAST engine scan C:\Users\***
18:13:18.242    AVAST engine scan C:\ProgramData
18:14:41.765    Scan finished successfully
18:15:24.150    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:15:24.150    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

TDSSKiller:
Code:

18:18:27.0889 4972        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:18:28.0061 4972        ============================================================
18:18:28.0061 4972        Current date / time: 2012/06/04 18:18:28.0061
18:18:28.0061 4972        SystemInfo:
18:18:28.0061 4972       
18:18:28.0061 4972        OS Version: 6.1.7601 ServicePack: 1.0
18:18:28.0061 4972        Product type: Workstation
18:18:28.0061 4972        ComputerName: ULTRA
18:18:28.0061 4972        UserName: ***
18:18:28.0061 4972        Windows directory: C:\Windows
18:18:28.0061 4972        System windows directory: C:\Windows
18:18:28.0061 4972        Running under WOW64
18:18:28.0061 4972        Processor architecture: Intel x64
18:18:28.0061 4972        Number of processors: 8
18:18:28.0061 4972        Page size: 0x1000
18:18:28.0061 4972        Boot type: Normal boot
18:18:28.0061 4972        ============================================================
18:18:28.0451 4972        Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:28.0467 4972        ============================================================
18:18:28.0467 4972        \Device\Harddisk0\DR0:
18:18:28.0467 4972        MBR partitions:
18:18:28.0467 4972        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5A800, BlocksNum 0x2155000
18:18:28.0467 4972        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21AF800, BlocksNum 0x72559800
18:18:28.0467 4972        ============================================================
18:18:28.0498 4972        C: <-> \Device\Harddisk0\DR0\Partition1
18:18:28.0498 4972        ============================================================
18:18:28.0498 4972        Initialize success
18:18:28.0498 4972        ============================================================
18:18:50.0054 3664        ============================================================
18:18:50.0054 3664        Scan started
18:18:50.0054 3664        Mode: Manual; TDLFS;
18:18:50.0054 3664        ============================================================
18:18:50.0428 3664        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:18:50.0428 3664        1394ohci - ok
18:18:50.0475 3664        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:18:50.0475 3664        ACPI - ok
18:18:50.0491 3664        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:18:50.0491 3664        AcpiPmi - ok
18:18:50.0506 3664        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:18:50.0506 3664        adp94xx - ok
18:18:50.0537 3664        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:18:50.0537 3664        adpahci - ok
18:18:50.0553 3664        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:18:50.0553 3664        adpu320 - ok
18:18:50.0584 3664        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:18:50.0584 3664        AeLookupSvc - ok
18:18:50.0647 3664        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:18:50.0647 3664        AFD - ok
18:18:50.0678 3664        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:18:50.0678 3664        agp440 - ok
18:18:50.0709 3664        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:18:50.0709 3664        ALG - ok
18:18:50.0709 3664        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:18:50.0709 3664        aliide - ok
18:18:50.0787 3664        ALSysIO - ok
18:18:50.0834 3664        AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:18:50.0834 3664        AMD External Events Utility - ok
18:18:50.0881 3664        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:18:50.0881 3664        amdide - ok
18:18:50.0896 3664        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:18:50.0912 3664        AmdK8 - ok
18:18:51.0068 3664        amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:18:51.0177 3664        amdkmdag - ok
18:18:51.0255 3664        amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:18:51.0255 3664        amdkmdap - ok
18:18:51.0286 3664        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:18:51.0286 3664        AmdPPM - ok
18:18:51.0317 3664        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:18:51.0317 3664        amdsata - ok
18:18:51.0364 3664        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:18:51.0380 3664        amdsbs - ok
18:18:51.0395 3664        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:18:51.0395 3664        amdxata - ok
18:18:51.0473 3664        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:18:51.0473 3664        AntiVirSchedulerService - ok
18:18:51.0489 3664        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:18:51.0489 3664        AntiVirService - ok
18:18:51.0536 3664        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:18:51.0536 3664        AppID - ok
18:18:51.0551 3664        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:18:51.0551 3664        AppIDSvc - ok
18:18:51.0567 3664        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:18:51.0567 3664        Appinfo - ok
18:18:51.0645 3664        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:18:51.0645 3664        Apple Mobile Device - ok
18:18:51.0707 3664        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:18:51.0707 3664        AppMgmt - ok
18:18:51.0723 3664        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:18:51.0723 3664        arc - ok
18:18:51.0754 3664        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:18:51.0754 3664        arcsas - ok
18:18:51.0832 3664        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:18:51.0848 3664        aspnet_state - ok
18:18:51.0863 3664        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:18:51.0863 3664        AsyncMac - ok
18:18:51.0895 3664        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:18:51.0895 3664        atapi - ok
18:18:51.0926 3664        AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
18:18:51.0926 3664        AtiHDAudioService - ok
18:18:51.0988 3664        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:18:51.0988 3664        AudioEndpointBuilder - ok
18:18:52.0004 3664        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:18:52.0004 3664        AudioSrv - ok
18:18:52.0035 3664        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:18:52.0035 3664        avgntflt - ok
18:18:52.0051 3664        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:18:52.0051 3664        avipbb - ok
18:18:52.0082 3664        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:18:52.0082 3664        avkmgr - ok
18:18:52.0097 3664        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:18:52.0097 3664        AxInstSV - ok
18:18:52.0191 3664        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:18:52.0207 3664        b06bdrv - ok
18:18:52.0238 3664        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:18:52.0238 3664        b57nd60a - ok
18:18:52.0378 3664        BCM43XX        (0b0df4cd7c2c188c95c4e09c568ad54a) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:18:52.0409 3664        BCM43XX - ok
18:18:52.0425 3664        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:18:52.0425 3664        BDESVC - ok
18:18:52.0456 3664        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:18:52.0456 3664        Beep - ok
18:18:52.0519 3664        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:18:52.0519 3664        BFE - ok
18:18:52.0565 3664        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:18:52.0581 3664        BITS - ok
18:18:52.0581 3664        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:18:52.0597 3664        blbdrive - ok
18:18:52.0675 3664        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:18:52.0675 3664        Bonjour Service - ok
18:18:52.0706 3664        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:18:52.0706 3664        bowser - ok
18:18:52.0753 3664        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:18:52.0753 3664        BrFiltLo - ok
18:18:52.0753 3664        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:18:52.0753 3664        BrFiltUp - ok
18:18:52.0784 3664        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:18:52.0799 3664        Browser - ok
18:18:52.0815 3664        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:18:52.0815 3664        Brserid - ok
18:18:52.0831 3664        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:18:52.0831 3664        BrSerWdm - ok
18:18:52.0831 3664        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:18:52.0831 3664        BrUsbMdm - ok
18:18:52.0831 3664        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:18:52.0831 3664        BrUsbSer - ok
18:18:52.0831 3664        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:18:52.0831 3664        BTHMODEM - ok
18:18:52.0862 3664        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:18:52.0862 3664        bthserv - ok
18:18:52.0877 3664        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:18:52.0877 3664        cdfs - ok
18:18:52.0909 3664        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:18:52.0909 3664        cdrom - ok
18:18:52.0940 3664        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:18:52.0940 3664        CertPropSvc - ok
18:18:52.0940 3664        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:18:52.0940 3664        circlass - ok
18:18:52.0987 3664        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:18:52.0987 3664        CLFS - ok
18:18:53.0111 3664        CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
18:18:53.0127 3664        CLHNServiceForPowerDVD12 - ok
18:18:53.0205 3664        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:18:53.0221 3664        clr_optimization_v2.0.50727_32 - ok
18:18:53.0267 3664        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:18:53.0283 3664        clr_optimization_v2.0.50727_64 - ok
18:18:53.0361 3664        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:18:53.0361 3664        clr_optimization_v4.0.30319_32 - ok
18:18:53.0392 3664        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:18:53.0392 3664        clr_optimization_v4.0.30319_64 - ok
18:18:53.0408 3664        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:18:53.0408 3664        CmBatt - ok
18:18:53.0423 3664        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:18:53.0423 3664        cmdide - ok
18:18:53.0470 3664        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:18:53.0470 3664        CNG - ok
18:18:53.0486 3664        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:18:53.0486 3664        Compbatt - ok
18:18:53.0517 3664        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:18:53.0517 3664        CompositeBus - ok
18:18:53.0517 3664        COMSysApp - ok
18:18:53.0517 3664        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:18:53.0517 3664        crcdisk - ok
18:18:53.0564 3664        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:18:53.0564 3664        CryptSvc - ok
18:18:53.0611 3664        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:18:53.0611 3664        CSC - ok
18:18:53.0657 3664        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:18:53.0657 3664        CscService - ok
18:18:53.0735 3664        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:18:53.0735 3664        cvhsvc - ok
18:18:53.0798 3664        CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
18:18:53.0798 3664        CyberLink PowerDVD 12 Media Server Monitor Service - ok
18:18:53.0829 3664        CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
18:18:53.0829 3664        CyberLink PowerDVD 12 Media Server Service - ok
18:18:53.0891 3664        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:18:53.0891 3664        DcomLaunch - ok
18:18:53.0938 3664        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:18:53.0938 3664        defragsvc - ok
18:18:53.0969 3664        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:18:53.0969 3664        DfsC - ok
18:18:54.0016 3664        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:18:54.0016 3664        Dhcp - ok
18:18:54.0032 3664        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:18:54.0032 3664        discache - ok
18:18:54.0047 3664        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:18:54.0047 3664        Disk - ok
18:18:54.0094 3664        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
18:18:54.0094 3664        dmvsc - ok
18:18:54.0219 3664        Dnscache        (ad9228fc822020c075271e1f4384be3c) C:\Windows\System32\pouawfiuj.dll
18:18:54.0219 3664        Dnscache - ok
18:18:54.0266 3664        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:18:54.0266 3664        dot3svc - ok
18:18:54.0297 3664        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:18:54.0297 3664        DPS - ok
18:18:54.0313 3664        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:18:54.0313 3664        drmkaud - ok
18:18:54.0359 3664        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:18:54.0375 3664        DXGKrnl - ok
18:18:54.0406 3664        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:18:54.0406 3664        EapHost - ok
18:18:54.0515 3664        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:18:54.0547 3664        ebdrv - ok
18:18:54.0578 3664        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:18:54.0578 3664        EFS - ok
18:18:54.0640 3664        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:18:54.0656 3664        ehRecvr - ok
18:18:54.0687 3664        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:18:54.0687 3664        ehSched - ok
18:18:54.0749 3664        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:18:54.0749 3664        elxstor - ok
18:18:54.0749 3664        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:18:54.0749 3664        ErrDev - ok
18:18:54.0812 3664        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:18:54.0812 3664        EventSystem - ok
18:18:54.0812 3664        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:18:54.0812 3664        exfat - ok
18:18:54.0843 3664        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:18:54.0843 3664        fastfat - ok
18:18:54.0890 3664        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:18:54.0905 3664        Fax - ok
18:18:54.0905 3664        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:18:54.0905 3664        fdc - ok
18:18:54.0921 3664        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:18:54.0921 3664        fdPHost - ok
18:18:54.0937 3664        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:18:54.0937 3664        FDResPub - ok
18:18:54.0968 3664        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:18:54.0968 3664        FileInfo - ok
18:18:54.0983 3664        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:18:54.0983 3664        Filetrace - ok
18:18:55.0046 3664        FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:18:55.0061 3664        FLEXnet Licensing Service - ok
18:18:55.0061 3664        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:18:55.0061 3664        flpydisk - ok
18:18:55.0093 3664        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:18:55.0093 3664        FltMgr - ok
18:18:55.0155 3664        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:18:55.0171 3664        FontCache - ok
18:18:55.0233 3664        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:18:55.0233 3664        FontCache3.0.0.0 - ok
18:18:55.0249 3664        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:18:55.0249 3664        FsDepends - ok
18:18:55.0280 3664        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:18:55.0280 3664        Fs_Rec - ok
18:18:55.0311 3664        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:18:55.0311 3664        fvevol - ok
18:18:55.0327 3664        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:18:55.0327 3664        gagp30kx - ok
18:18:55.0358 3664        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:18:55.0358 3664        GEARAspiWDM - ok
18:18:55.0405 3664        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:18:55.0420 3664        gpsvc - ok
18:18:55.0483 3664        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
18:18:55.0483 3664        hamachi - ok
18:18:55.0498 3664        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:18:55.0498 3664        hcw85cir - ok
18:18:55.0545 3664        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:18:55.0545 3664        HdAudAddService - ok
18:18:55.0592 3664        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:18:55.0592 3664        HDAudBus - ok
18:18:55.0592 3664        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:18:55.0592 3664        HidBatt - ok
18:18:55.0607 3664        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:18:55.0623 3664        HidBth - ok
18:18:55.0639 3664        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:18:55.0639 3664        HidIr - ok
18:18:55.0654 3664        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:18:55.0654 3664        hidserv - ok
18:18:55.0685 3664        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:18:55.0685 3664        HidUsb - ok
18:18:55.0701 3664        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:18:55.0701 3664        hkmsvc - ok
18:18:55.0717 3664        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:18:55.0732 3664        HomeGroupListener - ok
18:18:55.0748 3664        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:18:55.0748 3664        HomeGroupProvider - ok
18:18:55.0763 3664        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:18:55.0763 3664        HpSAMD - ok
18:18:55.0810 3664        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:18:55.0810 3664        HTTP - ok
18:18:55.0826 3664        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:18:55.0826 3664        hwpolicy - ok
18:18:55.0841 3664        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:18:55.0857 3664        i8042prt - ok
18:18:55.0904 3664        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
18:18:55.0904 3664        iaStor - ok
18:18:55.0951 3664        IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:18:55.0951 3664        IAStorDataMgrSvc - ok
18:18:55.0982 3664        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:18:55.0982 3664        iaStorV - ok
18:18:56.0075 3664        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:18:56.0091 3664        IDriverT - ok
18:18:56.0153 3664        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:18:56.0169 3664        idsvc - ok
18:18:56.0200 3664        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:18:56.0200 3664        iirsp - ok
18:18:56.0263 3664        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:18:56.0263 3664        IKEEXT - ok
18:18:56.0294 3664        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
18:18:56.0294 3664        Impcd - ok
18:18:56.0419 3664        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
18:18:56.0434 3664        IntcAzAudAddService - ok
18:18:56.0497 3664        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:18:56.0497 3664        IntcDAud - ok
18:18:56.0512 3664        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:18:56.0512 3664        intelide - ok
18:18:56.0559 3664        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:18:56.0559 3664        intelppm - ok
18:18:56.0590 3664        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:18:56.0590 3664        IPBusEnum - ok
18:18:56.0621 3664        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:56.0621 3664        IpFilterDriver - ok
18:18:56.0668 3664        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:18:56.0684 3664        iphlpsvc - ok
18:18:56.0684 3664        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:18:56.0684 3664        IPMIDRV - ok
18:18:56.0684 3664        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:18:56.0699 3664        IPNAT - ok
18:18:56.0777 3664        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:18:56.0793 3664        iPod Service - ok
18:18:56.0809 3664        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:18:56.0809 3664        IRENUM - ok
18:18:56.0824 3664        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:18:56.0824 3664        isapnp - ok
18:18:56.0855 3664        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:18:56.0855 3664        iScsiPrt - ok
18:18:56.0902 3664        k57nd60a        (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
18:18:56.0902 3664        k57nd60a - ok
18:18:56.0918 3664        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:18:56.0918 3664        kbdclass - ok
18:18:56.0933 3664        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:18:56.0933 3664        kbdhid - ok
18:18:56.0949 3664        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:18:56.0949 3664        KeyIso - ok
18:18:56.0965 3664        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:18:56.0965 3664        KSecDD - ok
18:18:56.0980 3664        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:18:56.0980 3664        KSecPkg - ok
18:18:56.0996 3664        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:18:56.0996 3664        ksthunk - ok
18:18:57.0043 3664        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:18:57.0043 3664        KtmRm - ok
18:18:57.0089 3664        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:18:57.0089 3664        LanmanServer - ok
18:18:57.0121 3664        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:18:57.0121 3664        lltdio - ok
18:18:57.0152 3664        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:18:57.0152 3664        lltdsvc - ok
18:18:57.0167 3664        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:18:57.0167 3664        lmhosts - ok
18:18:57.0214 3664        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:18:57.0214 3664        LSI_FC - ok
18:18:57.0230 3664        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:18:57.0230 3664        LSI_SAS - ok
18:18:57.0230 3664        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:18:57.0245 3664        LSI_SAS2 - ok
18:18:57.0245 3664        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:18:57.0245 3664        LSI_SCSI - ok
18:18:57.0261 3664        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:18:57.0261 3664        luafv - ok
18:18:57.0292 3664        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:18:57.0292 3664        Mcx2Svc - ok
18:18:57.0308 3664        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:18:57.0308 3664        megasas - ok
18:18:57.0308 3664        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:18:57.0308 3664        MegaSR - ok
18:18:57.0355 3664        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:18:57.0355 3664        MEIx64 - ok
18:18:57.0370 3664        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:18:57.0370 3664        MMCSS - ok
18:18:57.0386 3664        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:18:57.0386 3664        Modem - ok
18:18:57.0386 3664        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:18:57.0386 3664        monitor - ok
18:18:57.0417 3664        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:18:57.0417 3664        mouclass - ok
18:18:57.0417 3664        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:18:57.0417 3664        mouhid - ok
18:18:57.0448 3664        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:18:57.0448 3664        mountmgr - ok
18:18:57.0448 3664        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:18:57.0448 3664        mpio - ok
18:18:57.0464 3664        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:18:57.0464 3664        mpsdrv - ok
18:18:57.0526 3664        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:18:57.0526 3664        MpsSvc - ok
18:18:57.0542 3664        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:18:57.0542 3664        MRxDAV - ok
18:18:57.0573 3664        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:18:57.0573 3664        mrxsmb - ok
18:18:57.0604 3664        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:18:57.0604 3664        mrxsmb10 - ok
18:18:57.0635 3664        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:18:57.0635 3664        mrxsmb20 - ok
18:18:57.0667 3664        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:18:57.0667 3664        msahci - ok
18:18:57.0698 3664        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:18:57.0713 3664        msdsm - ok
18:18:57.0745 3664        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:18:57.0745 3664        MSDTC - ok
18:18:57.0760 3664        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:18:57.0760 3664        Msfs - ok
18:18:57.0776 3664        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:18:57.0776 3664        mshidkmdf - ok
18:18:57.0791 3664        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:18:57.0791 3664        msisadrv - ok
18:18:57.0838 3664        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:18:57.0838 3664        MSiSCSI - ok
18:18:57.0838 3664        msiserver - ok
18:18:57.0854 3664        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:18:57.0854 3664        MSKSSRV - ok
18:18:57.0869 3664        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:18:57.0869 3664        MSPCLOCK - ok
18:18:57.0869 3664        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:18:57.0869 3664        MSPQM - ok
18:18:57.0901 3664        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:18:57.0901 3664        MsRPC - ok
18:18:57.0916 3664        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:18:57.0916 3664        mssmbios - ok
18:18:57.0916 3664        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:18:57.0916 3664        MSTEE - ok
18:18:57.0916 3664        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:18:57.0916 3664        MTConfig - ok
18:18:57.0932 3664        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:18:57.0932 3664        Mup - ok
18:18:57.0979 3664        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:18:57.0979 3664        napagent - ok
18:18:58.0025 3664        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:18:58.0025 3664        NativeWifiP - ok
18:18:58.0088 3664        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:18:58.0088 3664        NDIS - ok
18:18:58.0119 3664        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:18:58.0119 3664        NdisCap - ok
18:18:58.0135 3664        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:18:58.0135 3664        NdisTapi - ok
18:18:58.0150 3664        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:18:58.0150 3664        Ndisuio - ok
18:18:58.0166 3664        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:18:58.0181 3664        NdisWan - ok
18:18:58.0213 3664        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:18:58.0213 3664        NDProxy - ok
18:18:58.0259 3664        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
18:18:58.0259 3664        Netaapl - ok
18:18:58.0291 3664        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:18:58.0291 3664        NetBIOS - ok
18:18:58.0322 3664        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:18:58.0322 3664        NetBT - ok
18:18:58.0322 3664        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:18:58.0322 3664        Netlogon - ok
18:18:58.0384 3664        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:18:58.0384 3664        Netman - ok
18:18:58.0462 3664        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0478 3664        NetMsmqActivator - ok
18:18:58.0493 3664        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0493 3664        NetPipeActivator - ok
18:18:58.0525 3664        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:18:58.0525 3664        netprofm - ok
18:18:58.0525 3664        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0540 3664        NetTcpActivator - ok
18:18:58.0540 3664        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0540 3664        NetTcpPortSharing - ok
18:18:58.0571 3664        netvsc          (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
18:18:58.0571 3664        netvsc - ok
18:18:58.0603 3664        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:18:58.0603 3664        nfrd960 - ok
18:18:58.0649 3664        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:18:58.0649 3664        NlaSvc - ok
18:18:58.0665 3664        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:18:58.0665 3664        Npfs - ok
18:18:58.0681 3664        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:18:58.0681 3664        nsi - ok
18:18:58.0696 3664        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:18:58.0696 3664        nsiproxy - ok
18:18:58.0774 3664        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:18:58.0790 3664        Ntfs - ok
18:18:58.0915 3664        ntk_PowerDVD12  (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
18:18:58.0915 3664        ntk_PowerDVD12 - ok
18:18:58.0977 3664        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:18:58.0977 3664        Null - ok
18:18:59.0008 3664        nusb3hub        (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:18:59.0008 3664        nusb3hub - ok
18:18:59.0055 3664        nusb3xhc        (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:18:59.0055 3664        nusb3xhc - ok
18:18:59.0086 3664        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:18:59.0086 3664        nvraid - ok
18:18:59.0133 3664        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:18:59.0133 3664        nvstor - ok
18:18:59.0180 3664        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:18:59.0180 3664        nv_agp - ok
18:18:59.0180 3664        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:18:59.0180 3664        ohci1394 - ok
18:18:59.0258 3664        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:59.0273 3664        ose - ok
18:18:59.0461 3664        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:18:59.0492 3664        osppsvc - ok
18:18:59.0539 3664        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:18:59.0539 3664        p2pimsvc - ok
18:18:59.0570 3664        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:18:59.0570 3664        p2psvc - ok
18:18:59.0601 3664        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:18:59.0601 3664        Parport - ok
18:18:59.0617 3664        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:18:59.0617 3664        partmgr - ok
18:18:59.0648 3664        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:18:59.0648 3664        PcaSvc - ok
18:18:59.0726 3664        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
18:18:59.0757 3664        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
18:18:59.0788 3664        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:18:59.0788 3664        pci - ok
18:18:59.0804 3664        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:18:59.0804 3664        pciide - ok
18:18:59.0835 3664        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:18:59.0835 3664        pcmcia - ok
18:18:59.0851 3664        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:18:59.0851 3664        pcw - ok
18:18:59.0897 3664        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:18:59.0897 3664        PEAUTH - ok
18:18:59.0960 3664        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:18:59.0975 3664        PeerDistSvc - ok
18:19:00.0053 3664        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:19:00.0053 3664        PerfHost - ok
18:19:00.0147 3664        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:19:00.0147 3664        pla - ok
18:19:00.0225 3664        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:19:00.0225 3664        PlugPlay - ok
18:19:00.0241 3664        PnkBstrA - ok
18:19:00.0256 3664        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:19:00.0256 3664        PNRPAutoReg - ok
18:19:00.0272 3664        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:00.0272 3664        PNRPsvc - ok
18:19:00.0319 3664        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:19:00.0319 3664        PolicyAgent - ok
18:19:00.0365 3664        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:19:00.0365 3664        Power - ok
18:19:00.0397 3664        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:00.0397 3664        PptpMiniport - ok
18:19:00.0428 3664        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:19:00.0428 3664        Processor - ok
18:19:00.0459 3664        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:19:00.0475 3664        ProfSvc - ok
18:19:00.0475 3664        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:00.0490 3664        ProtectedStorage - ok
18:19:00.0521 3664        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:19:00.0521 3664        Psched - ok
18:19:00.0553 3664        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:19:00.0553 3664        PxHlpa64 - ok
18:19:00.0646 3664        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:19:00.0646 3664        ql2300 - ok
18:19:00.0662 3664        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:19:00.0662 3664        ql40xx - ok
18:19:00.0693 3664        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:19:00.0709 3664        QWAVE - ok
18:19:00.0724 3664        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:19:00.0724 3664        QWAVEdrv - ok
18:19:00.0740 3664        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:00.0740 3664        RasAcd - ok
18:19:00.0740 3664        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:00.0740 3664        RasAgileVpn - ok
18:19:00.0755 3664        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:19:00.0755 3664        RasAuto - ok
18:19:00.0787 3664        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:00.0787 3664        Rasl2tp - ok
18:19:00.0818 3664        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:19:00.0833 3664        RasMan - ok
18:19:00.0849 3664        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:00.0849 3664        RasPppoe - ok
18:19:00.0849 3664        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:00.0849 3664        RasSstp - ok
18:19:00.0865 3664        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:00.0880 3664        rdbss - ok
18:19:00.0896 3664        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:00.0896 3664        rdpbus - ok
18:19:00.0911 3664        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:00.0911 3664        RDPCDD - ok
18:19:00.0943 3664        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:19:00.0958 3664        RDPDR - ok
18:19:00.0958 3664        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:19:00.0958 3664        RDPENCDD - ok
18:19:00.0974 3664        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:19:00.0974 3664        RDPREFMP - ok
18:19:01.0005 3664        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:19:01.0005 3664        RDPWD - ok
18:19:01.0052 3664        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:19:01.0052 3664        rdyboost - ok
18:19:01.0083 3664        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:19:01.0083 3664        RemoteAccess - ok
18:19:01.0114 3664        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:19:01.0114 3664        RemoteRegistry - ok
18:19:01.0239 3664        RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:19:01.0255 3664        RoxMediaDB12OEM - ok
18:19:01.0301 3664        RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:19:01.0301 3664        RoxWatch12 - ok
18:19:01.0333 3664        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:19:01.0333 3664        RpcEptMapper - ok
18:19:01.0348 3664        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:19:01.0348 3664        RpcLocator - ok
18:19:01.0379 3664        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:01.0379 3664        RpcSs - ok
18:19:01.0411 3664        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:01.0411 3664        rspndr - ok
18:19:01.0442 3664        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:19:01.0442 3664        s3cap - ok
18:19:01.0442 3664        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:01.0442 3664        SamSs - ok
18:19:01.0457 3664        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:19:01.0457 3664        sbp2port - ok
18:19:01.0489 3664        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:19:01.0504 3664        SCardSvr - ok
18:19:01.0504 3664        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:19:01.0504 3664        scfilter - ok
18:19:01.0551 3664        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:19:01.0567 3664        Schedule - ok
18:19:01.0582 3664        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:01.0582 3664        SCPolicySvc - ok
18:19:01.0613 3664        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:19:01.0629 3664        SDRSVC - ok
18:19:01.0645 3664        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:19:01.0645 3664        secdrv - ok
18:19:01.0660 3664        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:19:01.0676 3664        seclogon - ok
18:19:01.0707 3664        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:19:01.0707 3664        SENS - ok
18:19:01.0723 3664        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:19:01.0723 3664        SensrSvc - ok
18:19:01.0738 3664        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:19:01.0738 3664        Serenum - ok
18:19:01.0754 3664        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:19:01.0754 3664        Serial - ok
18:19:01.0769 3664        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:19:01.0769 3664        sermouse - ok
18:19:01.0801 3664        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:19:01.0801 3664        SessionEnv - ok
18:19:01.0801 3664        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:19:01.0801 3664        sffdisk - ok
18:19:01.0801 3664        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:01.0801 3664        sffp_mmc - ok
18:19:01.0816 3664        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:19:01.0816 3664        sffp_sd - ok
18:19:01.0816 3664        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:19:01.0816 3664        sfloppy - ok
18:19:01.0863 3664        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:19:01.0863 3664        Sftfs - ok
18:19:01.0925 3664        sftlist        (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:19:01.0941 3664        sftlist - ok
18:19:01.0957 3664        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:19:01.0957 3664        Sftplay - ok
18:19:01.0972 3664        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:19:01.0972 3664        Sftredir - ok
18:19:02.0066 3664        SftService      (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:19:02.0081 3664        SftService - ok
18:19:02.0097 3664        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:19:02.0097 3664        Sftvol - ok
18:19:02.0128 3664        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:19:02.0128 3664        sftvsa - ok
18:19:02.0175 3664        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:19:02.0175 3664        SharedAccess - ok
18:19:02.0222 3664        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:19:02.0237 3664        ShellHWDetection - ok
18:19:02.0269 3664        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:19:02.0269 3664        SiSRaid2 - ok
18:19:02.0300 3664        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:19:02.0300 3664        SiSRaid4 - ok
18:19:02.0362 3664        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:19:02.0393 3664        SkypeUpdate - ok
18:19:02.0393 3664        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:19:02.0393 3664        Smb - ok
18:19:02.0425 3664        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:19:02.0425 3664        SNMPTRAP - ok
18:19:02.0425 3664        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:19:02.0440 3664        spldr - ok
18:19:02.0471 3664        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:19:02.0471 3664        Spooler - ok
18:19:02.0627 3664        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:19:02.0643 3664        sppsvc - ok
18:19:02.0659 3664        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:19:02.0659 3664        sppuinotify - ok
18:19:02.0705 3664        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:19:02.0705 3664        srv - ok
18:19:02.0721 3664        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:19:02.0737 3664        srv2 - ok
18:19:02.0768 3664        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:02.0768 3664        srvnet - ok
18:19:02.0799 3664        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:19:02.0799 3664        SSDPSRV - ok
18:19:02.0815 3664        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:19:02.0815 3664        SstpSvc - ok
18:19:02.0846 3664        Steam Client Service - ok
18:19:02.0877 3664        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:19:02.0877 3664        stexstor - ok
18:19:02.0939 3664        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:19:02.0939 3664        stisvc - ok
18:19:02.0986 3664        stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:19:03.0002 3664        stllssvr - ok
18:19:03.0017 3664        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
18:19:03.0017 3664        StorSvc - ok
18:19:03.0033 3664        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:19:03.0033 3664        storvsc - ok
18:19:03.0064 3664        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:19:03.0064 3664        swenum - ok
18:19:03.0127 3664        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:19:03.0142 3664        SwitchBoard - ok
18:19:03.0189 3664        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:19:03.0205 3664        swprv - ok
18:19:03.0220 3664        SynthVid        (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
18:19:03.0220 3664        SynthVid - ok
18:19:03.0298 3664        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:19:03.0314 3664        SysMain - ok
18:19:03.0329 3664        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:19:03.0329 3664        TabletInputService - ok
18:19:03.0361 3664        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:19:03.0361 3664        TapiSrv - ok
18:19:03.0376 3664        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:19:03.0376 3664        TBS - ok
18:19:03.0454 3664        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:19:03.0470 3664        Tcpip - ok
18:19:03.0501 3664        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:03.0501 3664        TCPIP6 - ok
18:19:03.0532 3664        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:19:03.0532 3664        tcpipreg - ok
18:19:03.0548 3664        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:19:03.0548 3664        TDPIPE - ok
18:19:03.0563 3664        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:19:03.0563 3664        TDTCP - ok
18:19:03.0610 3664        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:19:03.0610 3664        tdx - ok
18:19:03.0626 3664        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:19:03.0641 3664        TermDD - ok
18:19:03.0673 3664        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:19:03.0673 3664        TermService - ok
18:19:03.0673 3664        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:19:03.0688 3664        Themes - ok
18:19:03.0704 3664        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:03.0704 3664        THREADORDER - ok
18:19:03.0719 3664        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:19:03.0719 3664        TrkWks - ok
18:19:03.0766 3664        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:19:03.0766 3664        TrustedInstaller - ok
18:19:03.0797 3664        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:03.0797 3664        tssecsrv - ok
18:19:03.0844 3664        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:19:03.0844 3664        TsUsbFlt - ok
18:19:03.0875 3664        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:19:03.0875 3664        TsUsbGD - ok
18:19:03.0907 3664        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:03.0907 3664        tunnel - ok
18:19:03.0907 3664        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:19:03.0907 3664        uagp35 - ok
18:19:03.0938 3664        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:19:03.0938 3664        udfs - ok
18:19:03.0969 3664        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:19:03.0969 3664        UI0Detect - ok
18:19:04.0000 3664        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:19:04.0000 3664        uliagpkx - ok
18:19:04.0016 3664        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:19:04.0016 3664        umbus - ok
18:19:04.0031 3664        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:19:04.0031 3664        UmPass - ok
18:19:04.0063 3664        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:19:04.0063 3664        UmRdpService - ok
18:19:04.0078 3664        Update-Service - ok
18:19:04.0109 3664        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:19:04.0109 3664        upnphost - ok
18:19:04.0141 3664        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:19:04.0141 3664        USBAAPL64 - ok
18:19:04.0187 3664        usbccgp        (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
18:19:04.0187 3664        usbccgp - ok
18:19:04.0203 3664        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:19:04.0203 3664        usbcir - ok
18:19:04.0234 3664        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:04.0234 3664        usbehci - ok
18:19:04.0281 3664        usbhub          (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:04.0281 3664        usbhub - ok
18:19:04.0312 3664        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:19:04.0312 3664        usbohci - ok
18:19:04.0328 3664        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
18:19:04.0328 3664        usbprint - ok
18:19:04.0343 3664        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:04.0343 3664        USBSTOR - ok
18:19:04.0375 3664        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:19:04.0375 3664        usbuhci - ok
18:19:04.0390 3664        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:19:04.0390 3664        UxSms - ok
18:19:04.0406 3664        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:04.0406 3664        VaultSvc - ok
18:19:04.0421 3664        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:19:04.0421 3664        vdrvroot - ok
18:19:04.0468 3664        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:19:04.0468 3664        vds - ok
18:19:04.0484 3664        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:04.0484 3664        vga - ok
18:19:04.0499 3664        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:19:04.0499 3664        VgaSave - ok
18:19:04.0515 3664        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:19:04.0515 3664        vhdmp - ok
18:19:04.0531 3664        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:19:04.0531 3664        viaide - ok
18:19:04.0546 3664        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:19:04.0562 3664        VMBusHID - ok
18:19:04.0593 3664        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:19:04.0593 3664        volmgr - ok
18:19:04.0624 3664        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:19:04.0640 3664        volmgrx - ok
18:19:04.0671 3664        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:19:04.0671 3664        volsnap - ok
18:19:04.0671 3664        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:19:04.0687 3664        vsmraid - ok
18:19:04.0733 3664        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:19:04.0749 3664        VSS - ok
18:19:04.0765 3664        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:19:04.0765 3664        vwifibus - ok
18:19:04.0780 3664        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:19:04.0780 3664        vwififlt - ok
18:19:04.0827 3664        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:19:04.0827 3664        W32Time - ok
18:19:04.0843 3664        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:19:04.0843 3664        WacomPen - ok
18:19:04.0858 3664        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:04.0858 3664        WANARP - ok
18:19:04.0858 3664        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:04.0858 3664        Wanarpv6 - ok
18:19:04.0967 3664        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:04.0983 3664        WatAdminSvc - ok
18:19:05.0045 3664        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:19:05.0061 3664        wbengine - ok
18:19:05.0077 3664        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:19:05.0077 3664        WbioSrvc - ok
18:19:05.0092 3664        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:19:05.0092 3664        wcncsvc - ok
18:19:05.0123 3664        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:19:05.0123 3664        WcsPlugInService - ok
18:19:05.0139 3664        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:19:05.0139 3664        Wd - ok
18:19:05.0186 3664        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:19:05.0186 3664        Wdf01000 - ok
18:19:05.0217 3664        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:05.0217 3664        WdiServiceHost - ok
18:19:05.0217 3664        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:05.0217 3664        WdiSystemHost - ok
18:19:05.0233 3664        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:19:05.0233 3664        WebClient - ok
18:19:05.0248 3664        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:19:05.0248 3664        Wecsvc - ok
18:19:05.0264 3664        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:19:05.0264 3664        wercplsupport - ok
18:19:05.0279 3664        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:19:05.0279 3664        WerSvc - ok
18:19:05.0295 3664        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:05.0295 3664        WfpLwf - ok
18:19:05.0342 3664        WimFltr        (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:19:05.0342 3664        WimFltr - ok
18:19:05.0373 3664        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:19:05.0373 3664        WIMMount - ok
18:19:05.0404 3664        WinDefend - ok
18:19:05.0420 3664        WinHttpAutoProxySvc - ok
18:19:05.0467 3664        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:19:05.0482 3664        Winmgmt - ok
18:19:05.0545 3664        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:19:05.0560 3664        WinRM - ok
18:19:05.0607 3664        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:05.0607 3664        WinUsb - ok
18:19:05.0669 3664        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:19:05.0669 3664        Wlansvc - ok
18:19:05.0685 3664        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:19:05.0685 3664        WmiAcpi - ok
18:19:05.0716 3664        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:05.0716 3664        wmiApSrv - ok
18:19:05.0732 3664        WMPNetworkSvc - ok
18:19:05.0747 3664        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:19:05.0747 3664        WPCSvc - ok
18:19:05.0779 3664        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:19:05.0779 3664        WPDBusEnum - ok
18:19:05.0794 3664        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:05.0794 3664        ws2ifsl - ok
18:19:05.0841 3664        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:19:05.0841 3664        wscsvc - ok
18:19:05.0841 3664        WSearch - ok
18:19:05.0935 3664        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:19:05.0950 3664        wuauserv - ok
18:19:05.0966 3664        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:19:05.0966 3664        WudfPf - ok
18:19:06.0013 3664        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:06.0013 3664        WUDFRd - ok
18:19:06.0028 3664        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:19:06.0028 3664        wudfsvc - ok
18:19:06.0075 3664        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:19:06.0075 3664        WwanSvc - ok
18:19:06.0153 3664        {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
18:19:06.0153 3664        {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
18:19:06.0200 3664        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:19:06.0434 3664        \Device\Harddisk0\DR0 - ok
18:19:06.0434 3664        Boot (0x1200)  (1d510005a1f408ad3e12746ab39441de) \Device\Harddisk0\DR0\Partition0
18:19:06.0434 3664        \Device\Harddisk0\DR0\Partition0 - ok
18:19:06.0449 3664        Boot (0x1200)  (403bea9a7ba5f8e5d455519ee0993a49) \Device\Harddisk0\DR0\Partition1
18:19:06.0465 3664        \Device\Harddisk0\DR0\Partition1 - ok
18:19:06.0465 3664        ============================================================
18:19:06.0465 3664        Scan finished
18:19:06.0465 3664        ============================================================
18:19:06.0465 2676        Detected object count: 0
18:19:06.0465 2676        Actual detected object count: 0
18:20:33.0377 3980        Deinitialize success


Psychotic 05.06.2012 07:39

Note: P2P/file sharing


I see that you use so-called peer-to-peer or file-sharing programs, in your case BitTorrent. These programs allow you to exchange data with other users. Unfortunately, P2P or file sharing is not exempt from distributing infected files, and this is one reason why malware spreads so quickly. It is therefore possible that you download an infected file. You can never know where these files come from. This type of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example to download Linux or OpenOffice. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.


adwCleaner


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Cersus 05.06.2012 12:42

I have now uninstalled BitTorrent.

Here is the text file from adwCleaner:
Code:

# AdwCleaner v1.608 - Logfile created 06/05/2012 at 13:36:25
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : *** - ULTRA
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\TempDir

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.21

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [765 octets] - [05/06/2012 13:36:25]

########## EOF - C:\AdwCleaner[R1].txt - [892 octets] ##########
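
As an added example (not part of this thread and not AdwCleaner's own code), a small Python parser for the "Search" report format shown above: it separates the "Found" entries that a later Delete run would act on from the sections reported clean, so a helper can triage several posted logs consistently. The sample report is constructed from the log above; the regular expressions and function names are my own assumptions about the format.

```python
"""Parse an AdwCleaner "Search" report (format as in the log above) into
findings and clean verdicts. Added example; not AdwCleaner's own code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Section headers look like: ***** [Files / Folders] *****
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# Findings look like: "Folder Found : C:\..." or "Key Found : HKLM\..."
FINDING_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value|Service) Found : (?P<target>.+)$")
# Browser sub-headings look like: -\\ Google Chrome v20.0.1132.21
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v(?P<version>[\d.]+)$")
# Clean verdicts look like: [OK] Registry is clean.
CLEAN_RE = re.compile(r"^\[OK\] (?P<what>.+?) is clean\.$")

# Constructed sample, modelled on the AdwCleaner[R1].txt posted above.
SAMPLE_REPORT = r"""
# AdwCleaner v1.608 - Logfile created 06/05/2012 at 13:36:25
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\TempDir

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.21

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

########## EOF - C:\AdwCleaner[R1].txt - [892 octets] ##########
"""


@dataclass
class Finding:
    section: str                   # e.g. "Files / Folders", "Registry"
    kind: str                      # "Folder", "Key", ...
    target: str                    # path or registry key exactly as printed
    browser: Optional[str] = None  # set when found under a browser sub-heading


@dataclass
class Report:
    mode: Optional[str] = None              # "Search" or "Delete"
    operating_system: Optional[str] = None
    findings: List[Finding] = field(default_factory=list)
    clean: List[str] = field(default_factory=list)  # "<scope>: <what>" verdicts


def parse_adwcleaner(text: str) -> Report:
    """Walk the report line by line, tracking the current section and browser."""
    report = Report()
    section: Optional[str] = None
    browser: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Option [") and line.endswith("]"):
            report.mode = line[len("# Option ["):-1]
            continue
        if line.startswith("# Operating system :"):
            report.operating_system = line.split(":", 1)[1].strip()
            continue
        if line.startswith("#"):
            continue  # remaining header comments and the "########## EOF" footer
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = f"{m.group('name')} {m.group('version')}"
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            report.findings.append(Finding(section, m.group("kind"), m.group("target"), browser))
            continue
        m = CLEAN_RE.match(line)
        if m:
            report.clean.append(f"{browser or section}: {m.group('what')}")
    return report


def summarize(report: Report) -> Dict[str, object]:
    """Count findings per section: a quick view of what a Delete run would touch."""
    per_section: Dict[str, int] = {}
    for f in report.findings:
        per_section[f.section] = per_section.get(f.section, 0) + 1
    return {"mode": report.mode, "total": len(report.findings), "per_section": per_section}


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_REPORT)
    print(summarize(parsed))
    for f in parsed.findings:
        print(f"{f.section}: {f.kind} -> {f.target}")
```

The parser records what the report lists and nothing more; whether an entry such as the TempDir folder is unwanted is still the helper's call, as in the thread.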


Psychotic 05.06.2012 15:03

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is done, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.

Cersus 05.06.2012 15:43

I ran Combofix. Here is the corresponding log:

Code:

ComboFix 12-06-05.01 - *** 05.06.2012  16:28:36.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.16366.14569 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\BetterInstaller.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-05 11:14 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57        --------        d-----w-        c:\program files (x86)\Warcraft III
2012-06-02 17:12 . 2012-06-02 17:12        354304        ----a-w-        c:\windows\system32\pouawfiuj.dll
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48        --------        d-----w-        c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45        --------        d-----w-        c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40        --------        d-----w-        c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42        --------        d-----w-        c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07        29184        ----a-w-        c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06        24576        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
  4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-05  16:34:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-05 14:34
.
Vor Suchlauf: 13 Verzeichnis(se), 858'275'844'096 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 857'915'236'352 Bytes frei
.
- - End Of File - - 833176481F52F1520D68D2F696606C4A


Psychotic 06.06.2012 06:17

Step 1: VT


Please have the file from the code box checked at VirusTotal.
  • Click on Browse
  • Now copy the following into the search bar.
    Code:

    c:\windows\system32\pouawfiuj.dll
  • and click on Open.
  • Click on Send File.
Please wait until the file has been fully uploaded. Should you get the following message:
Quote:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status shows Finished. Copy the link from your address bar and post it here.


Step 2: CF-Script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.
Code:

DIRLOOK::
c:\users\***\AppData\Local\SKIDROW

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work without interference.
  • Do not do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.

Cersus 06.06.2012 09:49

Hello Marius
The file I was supposed to check on VirusTotal does not exist:
Quote:

pouawfiuj.dll
Datei wurde nicht gefunden.
Überprüfen sie den Dateinamen und wiederholen Sie den Vorgang.
The second step went smoothly; here is the CFScript:

Code:

ComboFix 12-06-05.04 - *** 06.06.2012  10:33:15.2.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.16366.14461 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-06 bis 2012-06-06  ))))))))))))))))))))))))))))))
.
.
2012-06-06 08:35 . 2012-06-06 08:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-05 11:14 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57        --------        d-----w-        c:\program files (x86)\Warcraft III
2012-06-02 17:12 . 2012-06-02 17:12        354304        ----a-w-        c:\windows\system32\pouawfiuj.dll
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48        --------        d-----w-        c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45        --------        d-----w-        c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40        --------        d-----w-        c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42        --------        d-----w-        c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07        29184        ----a-w-        c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06        24576        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\***\AppData\Local\SKIDROW ----
.
2012-05-08 16:03 . 2012-05-13 10:09        4        ----a-w-        c:\users\***\AppData\Local\SKIDROW\63380\Stats.bin
2012-05-08 15:48 . 2012-05-13 10:08        3145736        ----a-w-        c:\users\***\AppData\Local\SKIDROW\63380\Storage\sniperv2\pc_profilesaves\76561196619140020\checkpoint4.cld
2012-05-08 15:48 . 2012-05-13 10:11        512        ----a-w-        c:\users\***\AppData\Local\SKIDROW\63380\Storage\localstats.cld
2012-05-08 15:48 . 2012-05-13 10:11        648        ----a-w-        c:\users\***\AppData\Local\SKIDROW\63380\Storage\generalgamesettings.cld
2012-05-08 15:48 . 2012-05-13 10:11        8        ----a-w-        c:\users\***\AppData\Local\SKIDROW\63380\Storage\playerprofile.cld
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-05_14.32.31  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 08:36 . 2012-06-06 08:36        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-05 14:31 . 2012-06-05 14:31        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-06 08:16        47442              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-06 08:16        38276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-25 23:05 . 2012-06-06 08:16        13252              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-771433797-4172215404-876768487-1000_UserData.bin
- 2011-12-26 22:10 . 2012-06-05 14:32        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-06 08:36 . 2012-06-06 08:36        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-05 14:32 . 2012-06-05 14:32        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-05 14:30        652390              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 08:19        652390              c:\windows\system32\perfh009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30        697072              c:\windows\system32\perfh007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:19        697072              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-06 08:19        121064              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-05 14:30        121064              c:\windows\system32\perfc009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30        148110              c:\windows\system32\perfc007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:19        148110              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-06 08:36        352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-05 14:31        352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-25 23:12 . 2012-06-05 13:42        8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
+ 2011-12-25 23:12 . 2012-06-05 20:09        8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
  4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-06  10:38:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-06 08:38
.
Vor Suchlauf: 14 Verzeichnis(se), 858'639'613'952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 858'296'713'216 Bytes frei
.
- - End Of File - - 8FC36893C391D080DDB0C6180F256612


Psychotic 06.06.2012 09:59

CKScan


Please download CKScanner. Important: save the file to the desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open CKFiles.txt on your desktop and post its contents here.

Cersus 06.06.2012 10:56

CKScanner:
Code:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick2.dds
scanner sequence 3.AA.11.LGLBBU
 ----- EOF -----

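The two hits above are a textbook false positive: a file-name keyword scanner matched the substring "crack" inside "wholdcrackedbrick.dds", a game texture that cannot execute anything. The following Python is an added example (not CKScanner's code; its real keyword list and matching logic are not reproduced here) showing why a naive substring rule fires on the posted paths, and a tightened rule that treats the keyword as a whole token and only reports files with an extension that can run or install code. The keyword list, the extension set and the hypothetical paths marked as such are assumptions.

```python
"""Keyword file-name scanner: naive substring match vs. a tightened rule.

Added example, not CKScanner's own code. KEYWORDS and EXECUTABLE_EXT are
assumed lists; SAMPLE_PATHS mixes the two lines from the posted CKFiles.txt
with constructed, hypothetical paths.
"""
import re
from pathlib import PureWindowsPath

# Assumed keyword list (CKScanner's actual list is not reproduced here).
KEYWORDS = ("crack", "keygen", "patch", "serial", "loader")

# Extensions that can run or install something; a .dds texture cannot.
EXECUTABLE_EXT = {".exe", ".dll", ".bat", ".cmd", ".msi", ".scr", ".jar", ".vbs", ".ps1"}

# Constructed sample: the two real lines from the post plus hypothetical paths.
SAMPLE_PATHS = [
    r"c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick.dds",
    r"c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick2.dds",
    r"c:\users\demo\downloads\some_game\crack\steam_api.dll",   # hypothetical
    r"c:\users\demo\downloads\keygen.exe",                       # hypothetical
    r"c:\users\demo\downloads\SKIDROW\patch_notes.txt",          # hypothetical
    r"c:\windows\system32\dispatch.dll",                         # hypothetical, benign name
]


def naive_hits(paths):
    """Substring match anywhere in the path, as a simple keyword scanner does."""
    return [p for p in paths if any(k in p.lower() for k in KEYWORDS)]


# Keyword must be a whole token: no letter directly before or after it.
_WORD = re.compile(r"(?<![a-z])(" + "|".join(KEYWORDS) + r")(?![a-z])")


def tightened_hits(paths):
    """Report a path only if (a) its extension can execute or install code and
    (b) a keyword appears as a whole token in the file stem or a folder name.
    'crackedbrick' and 'dispatch' therefore no longer match."""
    out = []
    for p in paths:
        wp = PureWindowsPath(p.lower())
        if wp.suffix not in EXECUTABLE_EXT:
            continue
        tokens = [wp.stem, *wp.parts[1:-1]]  # file stem plus folder names, drive skipped
        if any(_WORD.search(t) for t in tokens):
            out.append(p)
    return out


if __name__ == "__main__":
    print("naive:", *naive_hits(SAMPLE_PATHS), sep="\n  ")
    print("tightened:", *tightened_hits(SAMPLE_PATHS), sep="\n  ")
```

On the sample list the naive rule reports all six paths, the tightened rule only the two hypothetical ones that actually carry a keyword as a folder or file name and can execute. The caveat in CKScanner's own header ("These are not necessarily bad") is exactly this: a keyword hit is a prompt for a human to look, not a verdict.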

Psychotic 06.06.2012 11:05

Step 1: CF script



Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

http://www.trojaner-board.de/116308-tr-mediyes-eb-1-tr-atraps-gen.html

COLLECT::
c:\windows\system32\pouawfiuj.dll
CLEARJAVACACHE::

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: instruction, a message box will appear after ComboFix finishes. Click OK and follow the prompts/instructions to upload the files.



Step 2: MBAM


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".

Cersus 06.06.2012 13:16

ComboFix:
Code:

ComboFix 12-06-05.04 - *** 06.06.2012  12:23:44.3.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.16366.14202 [GMT 2:00]
Running from:: c:\users\***\Desktop\ComboFix.exe
Command switches used :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pouawfiuj.dll
.
.
(((((((((((((((((((((((  Files Created From 2012-05-06 to 2012-06-06  ))))))))))))))))))))))))))))))
.
.
2012-06-06 10:26 . 2012-06-06 10:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-05 11:14 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57        --------        d-----w-        c:\program files (x86)\Warcraft III
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48        --------        d-----w-        c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45        --------        d-----w-        c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40        --------        d-----w-        c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42        --------        d-----w-        c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07        29184        ----a-w-        c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06        24576        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-05_14.32.31  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 10:26 . 2012-06-06 10:26        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-05 14:31 . 2012-06-05 14:31        13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-06 08:43        47624              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-06 08:43        38332              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-25 23:05 . 2012-06-06 08:43        13276              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-771433797-4172215404-876768487-1000_UserData.bin
- 2011-12-26 22:10 . 2012-06-05 14:32        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-05 14:32 . 2012-06-05 14:32        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 10:26 . 2012-06-06 10:26        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 10:26 . 2012-06-06 10:26        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-05 14:32 . 2012-06-05 14:32        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-05 14:30        652390              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 08:45        652390              c:\windows\system32\perfh009.dat
+ 2011-03-01 04:56 . 2012-06-06 08:45        697072              c:\windows\system32\perfh007.dat
- 2011-03-01 04:56 . 2012-06-05 14:30        697072              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-06 08:45        121064              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-05 14:30        121064              c:\windows\system32\perfc009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30        148110              c:\windows\system32\perfc007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:45        148110              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-06 10:26        352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-05 14:31        352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-29 19:06 . 2012-06-06 10:26        2518144              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-29 19:06 . 2012-06-05 13:42        2518144              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-25 23:12 . 2012-06-05 13:42        8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
+ 2011-12-25 23:12 . 2012-06-06 10:26        8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
  4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2012-06-06  12:29:02 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-06 10:29
.
Pre-Run: 15 directory(ies), 858'452'238'336 bytes free
Post-Run: 15 directory(ies), 858'352'373'760 bytes free
.
- - End Of File - - 96629AF3D32C1C0A411AFBD0813FF900
Upload was successful

Malwarebytes:
Code:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabriel :: ULTRA [Administrator]

Protection: Enabled

06.06.2012 14:08:52
mbam-log-2012-06-06 (14-08-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344700
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


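Two things in the ComboFix log above are worth a closer look before trusting a clean Malwarebytes result: a kernel driver entry whose image lives in a user's Temp directory (R3 ALSysIO, c:\users\***\AppData\Local\Temp\ALSysIO64.sys), and a service named Update-Service that is hosted in svchost.exe together with a custom svchost group (Update-Service / Update-Service-Installer-Service). The log shows svchost.exe as the image path, but svchost.exe is only the host; the code that actually runs is the ServiceDll under the service's Parameters key, which ComboFix does not print. The Python below is an added example (not ComboFix's code and not something the helper posted) that parses service lines and the svchost group block out of a ComboFix log and applies those two rules. The sample lines are copied from the log above; the list of standard svchost group names is an assumption kept deliberately short. Entries marked [x] are not flagged on their own, since the log shows many of them for ordinary drivers (Hyper-V, Apple, Remote Desktop USB) that are simply not present on disk.

```python
"""Triage rules over the service/driver section of a ComboFix log.

Added example, not ComboFix's own code. SERVICE_RE/GROUP_RE follow the
line shapes visible in the posted log; KNOWN_SVCHOST_GROUPS is an assumed,
illustrative allow-list; SAMPLE_LOG is copied from the log above.
"""
import re

# "R3 Name;Display Name;c:\path\file.sys [2012-01-01 1234]"  or  "[x]" if not found
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
SVCHOST_KEY = re.compile(
    r"^\[hkey_local_machine\\software\\(wow6432node\\)?microsoft\\windows nt"
    r"\\currentversion\\svchost\]$", re.I)
GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")

# Assumption: a short list of the svchost group names Windows 7 ships with.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "localservicenonetwork", "localservicenetworkrestricted",
    "localservicepeernet", "localserviceandnoimpersonation", "localsystemnetworkrestricted",
    "networkservice", "networkservicenetworkrestricted", "dcomlaunch", "rpcss",
    "wcssvc", "secsvcs", "bthsvcs", "termsvcs", "imgsvc", "regsvc", "swprv",
    "sdrsvc", "wersvcgroup", "defragsvc",
}
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)

# Copied from the ComboFix log in this thread.
SAMPLE_LOG = [
    r"R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]",
    r"R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]",
    r"S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]",
    r"S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]",
    r"S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]",
    ".",
    r"[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]",
    "Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service",
    "Update-Service        REG_MULTI_SZ          Update-Service",
    ".",
]


def parse_services(lines):
    """One dict per service/driver line; everything else is ignored."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["missing"] = d["info"].strip() == "x"   # ComboFix prints [x] when the file is absent
            out.append(d)
    return out


def parse_svchost_groups(lines):
    """Map svchost group name -> list of service names, from the svchost key block."""
    groups, in_block = {}, False
    for line in lines:
        s = line.strip()
        if SVCHOST_KEY.match(s):
            in_block = True
            continue
        if in_block:
            m = GROUP_RE.match(s)
            if not m:                 # ComboFix closes a block with a lone "."
                in_block = False
                continue
            groups[m.group(1)] = m.group(2).split()
    return groups


def triage(lines):
    """Return (reason, name) pairs for entries that need a manual look."""
    findings = []
    for svc in parse_services(lines):
        path = svc["path"].lower()
        if USER_TEMP.search(path):
            findings.append(("driver/service image in a user Temp directory", svc["name"]))
        if path.endswith("\\svchost.exe"):
            findings.append(("svchost-hosted: check its ServiceDll, the log does not show it", svc["name"]))
    for group in parse_svchost_groups(lines):
        if group.lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(("non-standard svchost group", group))
    return findings


if __name__ == "__main__":
    for reason, name in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

On the sample this reports ALSysIO (image under Temp), Update-Service (svchost-hosted) and the two custom group names. None of that is a verdict: a driver in Temp is how some legitimate utilities behave (ESET later lists coretemp_1236.exe in Downloads, and Core Temp ships a driver named ALSysIO64.sys), so the point of the rule is to make the reader confirm it rather than scroll past it. For the svchost entry the next step on the machine is to read the DLL it points at, e.g. `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Update-Service\Parameters" /v ServiceDll`, and check that file's signature and location.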
Psychotic 06.06.2012 13:27

Online scan for verification



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Is the computer still causing problems?

Cersus 06.06.2012 14:28

ESET text file:
Code:

C:\Qoobox\Quarantine\C\Users\***\AppData\Local\TempDIR\BetterInstaller.exe.vir        a variant of Win32/Somoto.A application
C:\Users\***\Downloads\coretemp_1236.exe        a variant of Win32/InstallIQ application

My computer has actually never caused any problems. I was just a bit unsettled because Avira AntiVir had reported two trojans and they could not be removed by simply deleting them. I will run another full scan with Avira right away to see whether Avira reports anything else.


All times are GMT +1.

Copyright ©2000-2024, Trojaner-Board