Trojaner-Board - Ständige Avast Meldungen: "Netzwerkverbindung wurde blockiert"

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Ständige Avast Meldungen: "Netzwerkverbindung wurde blockiert" (https://www.trojaner-board.de/108017-staendige-avast-meldungen-netzwerkverbindung-wurde-blockiert.html)

Ständige Avast Meldungen: "Netzwerkverbindung wurde blockiert"

Hallo,
ich habe folgendes Problem: In letzter Zeit kommt es oft dazu, dass Avast meldet, dass eine Netzwerkverbindung geblockt wurde. Dies passiert meistens wenn ich z.B. ein Spiel spiele und den Internet Browser (Google Chrome) im Hintergrund laufen lasse. Handelt es sich womöglich um einen Fehlalarm? Was kann ich nun tun? Ich poste mal einen OTL Log falls es hilt :>

OTL.txt

Code:

OTL logfile created on: 12.01.2012 21:19:23 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Familie\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,96 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,86% Memory free

7,92 Gb Paging File | 6,13 Gb Available in Paging File | 77,39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 488,18 Gb Total Space | 389,12 Gb Free Space | 79,71% Space Free | Partition Type: NTFS

Drive D: | 443,23 Gb Total Space | 412,51 Gb Free Space | 93,07% Space Free | Partition Type: NTFS

 

Computer Name: SCHLEIZ-PC | User Name: Schleiz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Familie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()

MOD - C:\Users\Familie\AppData\Local\Google\Chrome\APPLIC~1\160912~1.75\gcswf32.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()

DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)

DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)

DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&ref=homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 40 EB 97 F7 49 CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&lcid=1031&ref=homepage"

FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Schleiz\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Schleiz\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.08 21:08:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.01.11 11:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Extensions

[2011.09.15 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions

[2011.09.15 17:01:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com

[2011.09.15 16:55:08 | 000,002,270 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ea2gmjif.default\searchplugins\SearchTheWeb.xml

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Iminent (Enabled)

CHR - default_search_provider: search_url = hxxp://search.iminent.com/?appId=0FF32D7D-F26F-4753-9F1A-C45C67DCE320&ref=toolbox&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\Schleiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.33 217.0.43.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98FDDB5F-2F30-4333-9CC4-20379275868E}: DhcpNameServer = 217.0.43.33 217.0.43.17

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX:64bit: AutorunsDisabled - 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: AutorunsDisabled - 

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Schleiz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found

MsConfig:64bit - StartUpReg: 4StoryPrePatch - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

MsConfig:64bit - StartUpReg: BCU - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Clownfish - hkey= - key= - C:\Program Files (x86)\Clownfish\Clownfish.exe ()

MsConfig:64bit - StartUpReg: EPSON Stylus Photo R240 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Schleiz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: IMBooster - hkey= - key= - C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent)

MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.11 15:01:58 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012.01.11 15:01:58 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012.01.11 15:01:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.01.11 15:01:58 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.01.11 15:01:57 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012.01.11 15:01:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012.01.11 15:01:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012.01.08 21:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.01.08 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012.01.08 21:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012.01.08 21:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012.01.08 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012.01.06 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2012.01.06 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\NVIDIA

[2012.01.06 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Teeworlds

[2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\TEMP

[2012.01.04 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Local\LogMeIn Hamachi

[2011.12.28 19:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2011.12.28 19:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE

[2011.12.28 19:24:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.12.28 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.12.28 19:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2011.12.26 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011.12.23 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\riotsGamesLogs

[2011.12.23 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Sun

[2011.12.23 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\lang

[2011.12.23 09:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Groovedown

[2011.12.22 14:11:56 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys

[2011.12.22 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2011.12.22 14:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2011.12.20 07:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011.12.19 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\My Art

[2011.12.19 18:28:17 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\NPS

[2011.12.19 18:24:26 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys

[2011.12.19 18:24:26 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys

[2011.12.19 18:24:26 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys

[2011.12.19 18:24:26 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys

[2011.12.19 18:24:26 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys

[2011.12.19 18:24:26 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys

[2011.12.19 18:24:26 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys

[2011.12.19 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2011.12.19 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\Samsung

[2011.12.19 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2011.12.19 18:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAnyContentSAFER

[2011.12.19 17:58:41 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll

[2011.12.19 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011.12.19 17:58:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2011.12.19 17:57:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers

[2011.12.19 17:57:47 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe

[2011.12.19 17:57:47 | 000,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe

[2011.12.19 17:57:47 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys

[2011.12.19 17:57:47 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys

[2011.12.19 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\My NPS Files

[2011.12.19 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Samsung

[2011.12.19 17:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio

[2011.12.19 17:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny

[2011.12.19 17:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2011.12.19 17:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2011.12.19 17:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011.12.17 11:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011.12.17 11:38:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2011.12.16 16:12:12 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\Battlefield 3

[2011.12.16 15:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2011.12.16 15:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011.12.16 15:29:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2011.12.16 15:28:21 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2011.12.16 15:28:21 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2011.12.16 15:28:21 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2011.12.16 15:28:21 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2011.12.16 15:28:21 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2011.12.16 15:28:21 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2011.12.16 15:28:20 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2011.12.16 15:28:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2011.12.16 15:28:19 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2011.12.16 15:28:19 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2011.12.16 15:28:19 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2011.12.16 15:28:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2011.12.16 15:28:18 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2011.12.16 15:28:18 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2011.12.16 15:28:18 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2011.12.16 15:28:18 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2011.12.15 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Origin

[2011.12.15 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Local\Origin

[2011.12.15 18:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2011.12.15 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2011.12.15 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2011.12.15 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2011.12.15 14:51:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.12.15 14:51:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011.12.15 14:51:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011.12.15 14:51:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.12.15 14:51:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.12.15 14:51:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.12.15 14:51:00 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011.12.15 14:51:00 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011.12.15 14:51:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011.12.15 14:51:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.12.15 14:50:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.12.15 14:42:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2011.12.15 14:42:30 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2011.12.15 14:42:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.12 21:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1005UA.job

[2012.01.12 21:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1000UA.job

[2012.01.12 20:51:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1004UA.job

[2012.01.12 19:51:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1004Core.job

[2012.01.12 16:51:46 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.12 16:51:46 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.12 16:44:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.12 16:44:01 | 3189,362,688 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.11 16:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1005Core.job

[2012.01.11 16:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1000Core.job

[2012.01.11 14:19:47 | 465,877,912 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.01.11 14:15:50 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.11 14:15:50 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.11 14:15:50 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.11 14:15:50 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.11 14:15:50 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.10 21:35:09 | 001,619,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.04 16:52:14 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012.01.04 10:12:29 | 000,000,680 | RHS- | M] () -- C:\Users\Schleiz\ntuser.pol

[2011.12.27 15:46:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.12.27 15:46:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.12.26 22:22:05 | 000,001,112 | ---- | M] () -- C:\Users\Schleiz\Desktop\Fraps.lnk

[2011.12.26 16:31:06 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011.12.23 10:30:20 | 000,000,249 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\groovedown.settings

[2011.12.23 10:25:48 | 000,006,881 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\gd.db

[2011.12.19 18:25:15 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp

[2011.12.19 18:04:43 | 000,005,632 | ---- | M] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2011.12.17 18:58:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.12.16 15:28:23 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.12.15 18:57:46 | 000,000,529 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2011.12.15 15:41:17 | 000,300,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.12.14 17:10:39 | 000,000,752 | ---- | M] () -- C:\Users\Schleiz\Desktop\LOL Recorder.lnk

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.08 21:07:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012.01.04 16:54:40 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk

[2012.01.04 16:52:14 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012.01.04 10:12:29 | 000,000,680 | RHS- | C] () -- C:\Users\Schleiz\ntuser.pol

[2011.12.26 22:22:05 | 000,001,112 | ---- | C] () -- C:\Users\Schleiz\Desktop\Fraps.lnk

[2011.12.23 09:47:41 | 000,006,881 | ---- | C] () -- C:\Users\Schleiz\AppData\Roaming\gd.db

[2011.12.23 09:47:41 | 000,000,249 | ---- | C] () -- C:\Users\Schleiz\AppData\Roaming\groovedown.settings

[2011.12.19 18:25:15 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp

[2011.12.17 11:38:45 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.12.15 18:57:46 | 000,000,529 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2011.10.23 16:43:45 | 000,101,159 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011.10.23 16:43:45 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011.10.23 16:43:45 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011.10.23 16:43:45 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011.10.23 16:43:45 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011.10.23 16:43:45 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011.10.23 16:43:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011.10.23 16:43:45 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011.10.23 16:43:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011.10.23 16:43:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011.10.23 16:43:45 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011.10.23 16:43:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011.10.23 16:43:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011.10.23 16:43:45 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011.10.23 16:43:45 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011.10.23 16:43:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011.10.23 16:43:45 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011.10.23 16:42:35 | 000,000,025 | ---- | C] () -- C:\Windows\CDE R240R245EU.ini

[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.06.06 20:52:43 | 000,104,540 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.05.05 15:36:19 | 000,007,605 | ---- | C] () -- C:\Users\Schleiz\AppData\Local\Resmon.ResmonCfg

[2011.04.22 14:12:04 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011.04.07 19:23:28 | 000,000,095 | ---- | C] () -- C:\Users\Schleiz\AppData\Local\fusioncache.dat

[2011.04.07 19:22:48 | 001,619,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.04.01 21:41:32 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.04.01 21:41:28 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.01.19 19:57:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.01.11 10:08:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe

[2011.01.11 09:59:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2010.05.06 11:26:23 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\EPSPTDV.DLL

 
 ========== LOP Check ==========

 

[2011.01.26 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\.minecraft

[2011.09.15 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Babylon

[2011.02.13 15:15:43 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Boilsoft

[2011.01.11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canneverbe Limited

[2011.04.15 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canon

[2011.12.23 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\lang

[2011.07.10 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Leadertech

[2011.01.15 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\LolClient

[2011.01.14 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Need for Speed World

[2011.03.16 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Nvu

[2011.01.11 11:24:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\OpenOffice.org

[2011.12.15 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Origin

[2011.12.19 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Samsung

[2012.01.06 19:46:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Teeworlds

[2011.12.18 08:13:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.01.12 21:00:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.03.24 16:19:37 | 000,000,000 | ---D | M] -- C:\134b7c8be521176122a989e3

[2011.06.16 16:23:56 | 000,000,000 | ---D | M] -- C:\1c7c50bfa271b11603aa8919f8

[2011.05.11 18:24:28 | 000,000,000 | ---D | M] -- C:\51ad643c3f8aa27ca828

[2011.06.24 18:29:29 | 000,000,000 | ---D | M] -- C:\8cf71369a8d7c06d40677254fc

[2011.03.04 12:09:26 | 000,000,000 | ---D | M] -- C:\CFLog

[2012.01.10 21:35:20 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011.01.10 18:07:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.06.16 16:24:58 | 000,000,000 | ---D | M] -- C:\e39246864f83d428cc01519a

[2011.07.13 05:50:28 | 000,000,000 | ---D | M] -- C:\f3ec6e7e3ac7d19f5837ea1a

[2011.01.11 10:05:43 | 000,000,000 | ---D | M] -- C:\Intel

[2011.11.20 12:20:08 | 000,000,000 | ---D | M] -- C:\Nexon

[2011.01.18 17:10:31 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.12.19 17:58:40 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.01.08 21:08:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012.01.08 21:08:42 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2011.01.10 18:07:59 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.01.11 10:08:26 | 000,000,000 | ---D | M] -- C:\RaidTool

[2011.01.10 18:07:59 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.01.12 21:20:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.01.04 10:22:47 | 000,000,000 | ---D | M] -- C:\TEMP

[2011.10.26 11:25:19 | 000,000,000 | R--D | M] -- C:\Users

[2012.01.11 14:19:47 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: AFD.SYS  >

[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys

[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys

[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys

[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys

[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 12.01.2012 21:19:23 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Familie\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,96 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,86% Memory free

7,92 Gb Paging File | 6,13 Gb Available in Paging File | 77,39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 488,18 Gb Total Space | 389,12 Gb Free Space | 79,71% Space Free | Partition Type: NTFS

Drive D: | 443,23 Gb Total Space | 412,51 Gb Free Space | 93,07% Space Free | Partition Type: NTFS

 

Computer Name: SCHLEIZ-PC | User Name: Schleiz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = Twin USB Vibration Gamepad

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29

"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AF2D5B54-36DE-471E-B9C8-58E4B2B951C6}" = Iminent

"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE

"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast" = avast! Free Antivirus

"Battlelog Web Plugins" = Battlelog Web Plugins

"Clownfish" = Clownfish for Skype

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"ESN Sonar-0.70.4" = ESN Sonar

"Foxit Reader" = Foxit Reader

"Fraps" = Fraps (remove only)

"hon" = Heroes of Newerth

"IMBoosterARP" = Iminent

"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"LogMeIn Hamachi" = LogMeIn Hamachi

"LOLReplay" = LOLReplay

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"Steam App 440" = Team Fortress 2

"World of Warcraft" = World of Warcraft

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Hoffe mal das das richtig war :S

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Erstmal vielen Dank für die Antwort,

Malewarebytes hab ich durchlaufen lassen, hier das Log (nicht wundern, dass das Log schon vor der Antwort entstanden ist, war ein bisschen in Panik und hatte andere Fälle durchgeschaut wo eigentlich immer Malewarebytes benutzt wurde )

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.13.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Schleiz :: SCHLEIZ-PC [Administrator]
 

13.01.2012 14:11:21

mbam-log-2012-01-13 (14-11-21).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 397580

Laufzeit: 47 Minute(n), 20 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Eset lass ich jetzt gleich durchlaufen.

So ESET ist fertig, hier das Log:

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-14 09:44:25

# local_time=2012-01-14 10:44:25 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 31789044 31789044 0 0

# compatibility_mode=5893 16776573 100 94 4573 78159571 0 0

# compatibility_mode=8192 67108863 100 0 880 880 0 0

# scanned=192549

# found=2

# cleaned=0

# scan_time=4543

C:\Users\Schleiz\AppData\Local\Babylon\Setup\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schleiz\AppData\Local\Temp\73935A62-BAB0-7891-A8C2-94352E44F15D\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

Anmerkung: Keine Ahnung wie dieses Babylon Teil draufgekommen ist, da der Computer aber von mehreren Personen genutzt wird vermute ich, dass es von einen der anderen Personen vermutlich ausversehen installiert worden ist :pfeiff:

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hab OTL laufen lassen, hier das Log:

Code:

OTL logfile created on: 14.01.2012 20:04:06 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Familie\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,96 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,49% Memory free

7,92 Gb Paging File | 6,61 Gb Available in Paging File | 83,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 488,18 Gb Total Space | 385,94 Gb Free Space | 79,06% Space Free | Partition Type: NTFS

Drive D: | 443,23 Gb Total Space | 412,51 Gb Free Space | 93,07% Space Free | Partition Type: NTFS

 

Computer Name: SCHLEIZ-PC | User Name: Schleiz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Familie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()

DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)

DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)

DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&ref=homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 40 EB 97 F7 49 CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&lcid=1031&ref=homepage"

FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Schleiz\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Schleiz\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.08 21:08:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.01.11 11:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Extensions

[2011.09.15 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions

[2011.09.15 17:01:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com

[2011.09.15 16:55:08 | 000,002,270 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ea2gmjif.default\searchplugins\SearchTheWeb.xml

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Iminent (Enabled)

CHR - default_search_provider: search_url = hxxp://search.iminent.com/?appId=0FF32D7D-F26F-4753-9F1A-C45C67DCE320&ref=toolbox&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Schleiz\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\Schleiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Users\Familie\Daniel\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.33 217.0.43.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98FDDB5F-2F30-4333-9CC4-20379275868E}: DhcpNameServer = 217.0.43.33 217.0.43.17

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Schleiz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found

MsConfig:64bit - StartUpReg: 4StoryPrePatch - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

MsConfig:64bit - StartUpReg: BCU - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Clownfish - hkey= - key= - C:\Program Files (x86)\Clownfish\Clownfish.exe ()

MsConfig:64bit - StartUpReg: EPSON Stylus Photo R240 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Schleiz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: IMBooster - hkey= - key= - C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent)

MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX:64bit: AutorunsDisabled - 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: AutorunsDisabled - 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.14 09:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.01.14 09:03:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.08 21:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.01.08 21:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012.01.08 21:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012.01.08 21:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012.01.08 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012.01.06 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2012.01.06 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\NVIDIA

[2012.01.06 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Teeworlds

[2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\TEMP

[2012.01.04 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Local\LogMeIn Hamachi

[2011.12.28 19:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters

[2011.12.28 19:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE

[2011.12.28 19:24:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.12.28 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.12.28 19:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2011.12.26 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011.12.23 10:35:05 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\riotsGamesLogs

[2011.12.23 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Sun

[2011.12.23 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\lang

[2011.12.23 09:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Groovedown

[2011.12.22 14:11:56 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys

[2011.12.22 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2011.12.22 14:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2011.12.20 07:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011.12.19 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\My Art

[2011.12.19 18:28:17 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\NPS

[2011.12.19 18:24:26 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys

[2011.12.19 18:24:26 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys

[2011.12.19 18:24:26 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys

[2011.12.19 18:24:26 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys

[2011.12.19 18:24:26 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys

[2011.12.19 18:24:26 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys

[2011.12.19 18:24:26 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys

[2011.12.19 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2011.12.19 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\Samsung

[2011.12.19 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2011.12.19 18:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAnyContentSAFER

[2011.12.19 17:58:41 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll

[2011.12.19 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011.12.19 17:58:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2011.12.19 17:57:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers

[2011.12.19 17:57:47 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe

[2011.12.19 17:57:47 | 000,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe

[2011.12.19 17:57:47 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys

[2011.12.19 17:57:47 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys

[2011.12.19 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\My NPS Files

[2011.12.19 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\AppData\Roaming\Samsung

[2011.12.19 17:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio

[2011.12.19 17:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny

[2011.12.19 17:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2011.12.19 17:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2011.12.19 17:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011.12.17 11:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011.12.17 11:38:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2011.12.16 16:12:12 | 000,000,000 | ---D | C] -- C:\Users\Schleiz\Documents\Battlefield 3

[2011.12.16 15:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2011.12.16 15:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011.12.16 15:29:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.14 20:03:26 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.14 20:03:26 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.14 19:55:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.14 19:55:30 | 3189,362,688 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.14 19:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1005UA.job

[2012.01.14 19:08:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1000UA.job

[2012.01.14 18:51:26 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1004UA.job

[2012.01.14 16:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1005Core.job

[2012.01.14 16:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1000Core.job

[2012.01.13 19:51:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641835028-4203237894-2267377993-1004Core.job

[2012.01.13 13:42:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.01.11 14:19:47 | 465,877,912 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.01.11 14:15:50 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.11 14:15:50 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.11 14:15:50 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.11 14:15:50 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.11 14:15:50 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.10 21:35:09 | 001,619,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.04 16:52:14 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012.01.04 10:12:29 | 000,000,680 | RHS- | M] () -- C:\Users\Schleiz\ntuser.pol

[2011.12.27 15:46:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.12.27 15:46:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.12.26 22:22:05 | 000,001,112 | ---- | M] () -- C:\Users\Schleiz\Desktop\Fraps.lnk

[2011.12.26 16:31:06 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011.12.23 10:30:20 | 000,000,249 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\groovedown.settings

[2011.12.23 10:25:48 | 000,006,881 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\gd.db

[2011.12.19 18:25:15 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp

[2011.12.19 18:04:43 | 000,005,632 | ---- | M] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2011.12.17 18:58:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.12.16 15:28:23 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.08 21:07:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012.01.04 16:54:40 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk

[2012.01.04 16:52:14 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012.01.04 10:12:29 | 000,000,680 | RHS- | C] () -- C:\Users\Schleiz\ntuser.pol

[2011.12.26 22:22:05 | 000,001,112 | ---- | C] () -- C:\Users\Schleiz\Desktop\Fraps.lnk

[2011.12.23 09:47:41 | 000,006,881 | ---- | C] () -- C:\Users\Schleiz\AppData\Roaming\gd.db

[2011.12.23 09:47:41 | 000,000,249 | ---- | C] () -- C:\Users\Schleiz\AppData\Roaming\groovedown.settings

[2011.12.19 18:25:15 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp

[2011.12.17 11:38:45 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.10.23 16:43:45 | 000,101,159 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011.10.23 16:43:45 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011.10.23 16:43:45 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011.10.23 16:43:45 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011.10.23 16:43:45 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011.10.23 16:43:45 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011.10.23 16:43:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011.10.23 16:43:45 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011.10.23 16:43:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011.10.23 16:43:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011.10.23 16:43:45 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011.10.23 16:43:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011.10.23 16:43:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011.10.23 16:43:45 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011.10.23 16:43:45 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011.10.23 16:43:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011.10.23 16:43:45 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011.10.23 16:42:35 | 000,000,025 | ---- | C] () -- C:\Windows\CDE R240R245EU.ini

[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.06.06 20:52:43 | 000,104,540 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.05.05 15:36:19 | 000,007,605 | ---- | C] () -- C:\Users\Schleiz\AppData\Local\Resmon.ResmonCfg

[2011.04.22 14:12:04 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011.04.07 19:23:28 | 000,000,095 | ---- | C] () -- C:\Users\Schleiz\AppData\Local\fusioncache.dat

[2011.04.07 19:22:48 | 001,619,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.04.01 21:41:32 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.04.01 21:41:28 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.01.19 19:57:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.01.11 10:08:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe

[2011.01.11 09:59:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2010.05.06 11:26:23 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\EPSPTDV.DLL

 
 ========== LOP Check ==========

 

[2011.01.26 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\.minecraft

[2011.09.15 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Babylon

[2011.02.13 15:15:43 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Boilsoft

[2011.01.11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canneverbe Limited

[2011.04.15 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canon

[2011.12.23 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\lang

[2011.07.10 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Leadertech

[2011.01.15 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\LolClient

[2011.01.14 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Need for Speed World

[2011.03.16 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Nvu

[2011.01.11 11:24:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\OpenOffice.org

[2011.12.15 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Origin

[2011.12.19 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Samsung

[2012.01.06 19:46:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Teeworlds

[2011.12.18 08:13:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.01.26 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\.minecraft

[2011.01.12 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Adobe

[2011.04.15 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\ArcSoft

[2011.09.15 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Babylon

[2011.02.13 15:15:43 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Boilsoft

[2011.01.11 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canneverbe Limited

[2011.04.15 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Canon

[2011.02.13 15:10:04 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\CyberLink

[2011.01.10 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Identities

[2011.01.11 10:08:01 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\InstallShield

[2011.01.11 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Intel Corporation

[2011.12.23 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\lang

[2011.07.10 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Leadertech

[2011.01.15 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\LolClient

[2011.01.12 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Macromedia

[2011.08.24 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Media Center Programs

[2011.04.15 16:41:09 | 000,000,000 | --SD | M] -- C:\Users\Schleiz\AppData\Roaming\Microsoft

[2011.01.11 11:18:20 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Mozilla

[2011.01.14 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Need for Speed World

[2012.01.06 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\NVIDIA

[2011.03.16 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Nvu

[2011.01.11 11:24:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\OpenOffice.org

[2011.12.15 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Origin

[2011.12.19 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Samsung

[2011.12.17 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Skype

[2011.12.23 10:30:20 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Sun

[2012.01.06 19:46:49 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Teeworlds

[2011.06.12 08:30:04 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.12.19 18:09:14 | 000,069,632 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe

[2011.12.19 18:25:11 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\Schleiz\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2010.03.12 23:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Users\Familie\Daniel\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Nur mal so nebenbei: Hat sich irgendetwas (schlimmeres) gefunden oder warum wird ein neues OTL Log benötigt?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&ref=homepage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 40 EB 97 F7 49 CC 01  [binary data]

FF - prefs.js..browser.startup.homepage: "http://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&lcid=1031&ref=homepage"

FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"

[2011.09.15 17:01:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com

[2011.09.15 16:55:08 | 000,002,270 | ---- | M] () -- C:\Users\Schleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ea2gmjif.default\searchplugins\SearchTheWeb.xml

CHR - default_search_provider: Iminent (Enabled)

CHR - default_search_provider: search_url = http://search.iminent.com/?appId=0FF32D7D-F26F-4753-9F1A-C45C67DCE320&ref=toolbox&q={searchTerms}

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Schleiz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found

[2011.09.15 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\Schleiz\AppData\Roaming\Babylon

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Fix ausgeführt, hier der Log:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

Prefs.js: "hxxp://search.iminent.com/?appId=0ff32d7d-f26f-4753-9f1a-c45c67dce320&lcid=1031&ref=homepage" removed from browser.startup.homepage

Prefs.js: "SearchTheWeb" removed from browser.search.defaultenginename

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\mozilla\Firefox\Profiles\ea2gmjif.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\Schleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ea2gmjif.default\searchplugins\SearchTheWeb.xml moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eaca66f-1cdb-11e0-a1f9-806e6f6e6963}\ not found.

File E:\Run.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a6c8a9c-1d62-11e0-b7c5-806e6f6e6963}\ not found.

File E:\Autorun.exe not found.

C:\Users\Schleiz\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 35979085 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Familie

->Temp folder emptied: 172675886 bytes

->Temporary Internet Files folder emptied: 23886562 bytes

->Java cache emptied: 33439106 bytes

->FireFox cache emptied: 22458109 bytes

->Google Chrome cache emptied: 358675388 bytes

->Flash cache emptied: 29080 bytes

 

User: Natalie

->Temp folder emptied: 4623661 bytes

->Temporary Internet Files folder emptied: 2441068 bytes

->Java cache emptied: 1051146 bytes

->FireFox cache emptied: 3645181 bytes

->Google Chrome cache emptied: 413551869 bytes

->Flash cache emptied: 13194 bytes

 

User: Public

 

User: Schleiz

->Temp folder emptied: 1139823018 bytes

->Temporary Internet Files folder emptied: 321118407 bytes

->Java cache emptied: 358019 bytes

->FireFox cache emptied: 15474652 bytes

->Google Chrome cache emptied: 355649616 bytes

->Flash cache emptied: 1876 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 35979085 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 3238240 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 294719255 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

RecycleBin emptied: 4768 bytes

 

Total Files Cleaned = 3.089,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_215852
 

Files\Folders moved on Reboot...

File move failed. C:\Users\Familie\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1O6PN8Z\background_button_green_full[1].png moved successfully.

C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W71QK1BZ\background-banner-middle-v45[1].jpg moved successfully.

C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W71QK1BZ\background_banner_green_50_v45[1].jpg moved successfully.

C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NU2MQYV4\background-banner-right-v45[1].jpg moved successfully.

C:\Users\Familie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWYGRCXD\list-item-plus[1].png moved successfully.
 

Registry entries deleted on Reboot...

Ansonsten: War jetzt irgendwas gefährliches drauf? Was bewirkt eigentlich dieses "Babylon" Viech? :S

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Wurde ausgeführt, hier das Log:

Code:

20:35:05.0926 4344        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05

20:35:06.0358 4344        ============================================================

20:35:06.0358 4344        Current date / time: 2012/01/15 20:35:06.0358

20:35:06.0358 4344        SystemInfo:

20:35:06.0358 4344        

20:35:06.0358 4344        OS Version: 6.1.7601 ServicePack: 1.0

20:35:06.0358 4344        Product type: Workstation

20:35:06.0358 4344        ComputerName: SCHLEIZ-PC

20:35:06.0358 4344        UserName: Schleiz

20:35:06.0358 4344        Windows directory: C:\Windows

20:35:06.0358 4344        System windows directory: C:\Windows

20:35:06.0358 4344        Running under WOW64

20:35:06.0358 4344        Processor architecture: Intel x64

20:35:06.0358 4344        Number of processors: 4

20:35:06.0358 4344        Page size: 0x1000

20:35:06.0358 4344        Boot type: Normal boot

20:35:06.0358 4344        ============================================================

20:35:06.0619 4344        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K', Flags 0x00000040

20:35:06.0691 4344        Initialize success

20:35:40.0719 0868        ============================================================

20:35:40.0719 0868        Scan started

20:35:40.0719 0868        Mode: Manual; SigCheck; TDLFS; 

20:35:40.0719 0868        ============================================================

20:35:40.0977 0868        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:35:41.0071 0868        1394ohci - ok

20:35:41.0115 0868        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:35:41.0141 0868        ACPI - ok

20:35:41.0174 0868        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:35:41.0212 0868        AcpiPmi - ok

20:35:41.0256 0868        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:35:41.0287 0868        adp94xx - ok

20:35:41.0309 0868        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:35:41.0324 0868        adpahci - ok

20:35:41.0331 0868        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:35:41.0343 0868        adpu320 - ok

20:35:41.0400 0868        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

20:35:41.0459 0868        AFD - ok

20:35:41.0486 0868        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:35:41.0504 0868        agp440 - ok

20:35:41.0523 0868        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:35:41.0534 0868        aliide - ok

20:35:41.0548 0868        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:35:41.0558 0868        amdide - ok

20:35:41.0576 0868        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:35:41.0599 0868        AmdK8 - ok

20:35:41.0605 0868        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:35:41.0641 0868        AmdPPM - ok

20:35:41.0676 0868        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:35:41.0688 0868        amdsata - ok

20:35:41.0705 0868        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:35:41.0719 0868        amdsbs - ok

20:35:41.0734 0868        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:35:41.0745 0868        amdxata - ok

20:35:41.0783 0868        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:35:41.0840 0868        AppID - ok

20:35:41.0885 0868        AppleCharger    (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys

20:35:41.0913 0868        AppleCharger - ok

20:35:41.0928 0868        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:35:41.0937 0868        arc - ok

20:35:41.0950 0868        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:35:41.0959 0868        arcsas - ok

20:35:41.0993 0868        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys

20:35:42.0000 0868        aswFsBlk - ok

20:35:42.0033 0868        aswMonFlt       (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys

20:35:42.0040 0868        aswMonFlt - ok

20:35:42.0056 0868        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys

20:35:42.0062 0868        aswRdr - ok

20:35:42.0118 0868        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys

20:35:42.0144 0868        aswSnx - ok

20:35:42.0175 0868        aswSP           (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys

20:35:42.0188 0868        aswSP - ok

20:35:42.0212 0868        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys

20:35:42.0221 0868        aswTdi - ok

20:35:42.0233 0868        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:35:42.0294 0868        AsyncMac - ok

20:35:42.0319 0868        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:35:42.0326 0868        atapi - ok

20:35:42.0371 0868        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:35:42.0415 0868        b06bdrv - ok

20:35:42.0439 0868        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:35:42.0483 0868        b57nd60a - ok

20:35:42.0524 0868        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:35:42.0599 0868        Beep - ok

20:35:42.0633 0868        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:35:42.0659 0868        blbdrive - ok

20:35:42.0684 0868        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:35:42.0711 0868        bowser - ok

20:35:42.0717 0868        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:35:42.0736 0868        BrFiltLo - ok

20:35:42.0741 0868        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:35:42.0753 0868        BrFiltUp - ok

20:35:42.0775 0868        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:35:42.0803 0868        Brserid - ok

20:35:42.0809 0868        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:35:42.0823 0868        BrSerWdm - ok

20:35:42.0829 0868        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:35:42.0852 0868        BrUsbMdm - ok

20:35:42.0858 0868        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:35:42.0887 0868        BrUsbSer - ok

20:35:42.0900 0868        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:35:42.0921 0868        BTHMODEM - ok

20:35:42.0942 0868        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:35:42.0972 0868        cdfs - ok

20:35:43.0009 0868        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:35:43.0049 0868        cdrom - ok

20:35:43.0058 0868        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:35:43.0080 0868        circlass - ok

20:35:43.0105 0868        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:35:43.0127 0868        CLFS - ok

20:35:43.0154 0868        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:35:43.0188 0868        CmBatt - ok

20:35:43.0203 0868        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:35:43.0217 0868        cmdide - ok

20:35:43.0251 0868        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

20:35:43.0280 0868        CNG - ok

20:35:43.0292 0868        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:35:43.0300 0868        Compbatt - ok

20:35:43.0326 0868        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:35:43.0379 0868        CompositeBus - ok

20:35:43.0388 0868        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:35:43.0400 0868        crcdisk - ok

20:35:43.0459 0868        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:35:43.0504 0868        DfsC - ok

20:35:43.0518 0868        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:35:43.0544 0868        discache - ok

20:35:43.0567 0868        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:35:43.0575 0868        Disk - ok

20:35:43.0605 0868        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:35:43.0643 0868        drmkaud - ok

20:35:43.0737 0868        dump_wmimmc - ok

20:35:43.0770 0868        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:35:43.0801 0868        DXGKrnl - ok

20:35:43.0826 0868        EagleX64 - ok

20:35:43.0898 0868        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:35:43.0955 0868        ebdrv - ok

20:35:43.0987 0868        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:35:44.0001 0868        elxstor - ok

20:35:44.0027 0868        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:35:44.0062 0868        ErrDev - ok

20:35:44.0079 0868        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:35:44.0127 0868        exfat - ok

20:35:44.0142 0868        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:35:44.0173 0868        fastfat - ok

20:35:44.0187 0868        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:35:44.0206 0868        fdc - ok

20:35:44.0232 0868        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:35:44.0240 0868        FileInfo - ok

20:35:44.0249 0868        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:35:44.0291 0868        Filetrace - ok

20:35:44.0305 0868        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:35:44.0314 0868        flpydisk - ok

20:35:44.0349 0868        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:35:44.0360 0868        FltMgr - ok

20:35:44.0375 0868        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:35:44.0383 0868        FsDepends - ok

20:35:44.0399 0868        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:35:44.0406 0868        Fs_Rec - ok

20:35:44.0437 0868        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:35:44.0448 0868        fvevol - ok

20:35:44.0463 0868        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:35:44.0471 0868        gagp30kx - ok

20:35:44.0480 0868        gdrv - ok

20:35:44.0513 0868        hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

20:35:44.0524 0868        hamachi - ok

20:35:44.0561 0868        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:35:44.0593 0868        hcw85cir - ok

20:35:44.0642 0868        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:35:44.0674 0868        HdAudAddService - ok

20:35:44.0705 0868        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:35:44.0738 0868        HDAudBus - ok

20:35:44.0769 0868        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

20:35:44.0782 0868        HECIx64 - ok

20:35:44.0789 0868        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:35:44.0817 0868        HidBatt - ok

20:35:44.0830 0868        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:35:44.0867 0868        HidBth - ok

20:35:44.0873 0868        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:35:44.0910 0868        HidIr - ok

20:35:44.0942 0868        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:35:44.0972 0868        HidUsb - ok

20:35:44.0997 0868        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:35:45.0007 0868        HpSAMD - ok

20:35:45.0059 0868        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:35:45.0121 0868        HTTP - ok

20:35:45.0149 0868        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:35:45.0159 0868        hwpolicy - ok

20:35:45.0177 0868        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:35:45.0190 0868        i8042prt - ok

20:35:45.0221 0868        iaStor          (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys

20:35:45.0234 0868        iaStor - ok

20:35:45.0256 0868        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:35:45.0273 0868        iaStorV - ok

20:35:45.0285 0868        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:35:45.0293 0868        iirsp - ok

20:35:45.0361 0868        IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys

20:35:45.0397 0868        IntcAzAudAddService - ok

20:35:45.0417 0868        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:35:45.0424 0868        intelide - ok

20:35:45.0450 0868        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:35:45.0464 0868        intelppm - ok

20:35:45.0495 0868        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:35:45.0550 0868        IpFilterDriver - ok

20:35:45.0572 0868        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:35:45.0582 0868        IPMIDRV - ok

20:35:45.0595 0868        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:35:45.0633 0868        IPNAT - ok

20:35:45.0660 0868        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:35:45.0698 0868        IRENUM - ok

20:35:45.0713 0868        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:35:45.0730 0868        isapnp - ok

20:35:45.0750 0868        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:35:45.0765 0868        iScsiPrt - ok

20:35:45.0787 0868        JRAID           (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys

20:35:45.0796 0868        JRAID - ok

20:35:45.0810 0868        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:35:45.0821 0868        kbdclass - ok

20:35:45.0832 0868        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:35:45.0856 0868        kbdhid - ok

20:35:45.0876 0868        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

20:35:45.0888 0868        KSecDD - ok

20:35:45.0921 0868        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

20:35:45.0934 0868        KSecPkg - ok

20:35:45.0951 0868        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:35:45.0994 0868        ksthunk - ok

20:35:46.0044 0868        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys

20:35:46.0050 0868        LHidFilt - ok

20:35:46.0077 0868        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:35:46.0115 0868        lltdio - ok

20:35:46.0132 0868        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys

20:35:46.0138 0868        LMouFilt - ok

20:35:46.0178 0868        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:35:46.0187 0868        LSI_FC - ok

20:35:46.0193 0868        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:35:46.0202 0868        LSI_SAS - ok

20:35:46.0208 0868        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:35:46.0216 0868        LSI_SAS2 - ok

20:35:46.0224 0868        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:35:46.0233 0868        LSI_SCSI - ok

20:35:46.0258 0868        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:35:46.0318 0868        luafv - ok

20:35:46.0342 0868        LUsbFilt        (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys

20:35:46.0348 0868        LUsbFilt - ok

20:35:46.0355 0868        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:35:46.0363 0868        megasas - ok

20:35:46.0379 0868        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:35:46.0391 0868        MegaSR - ok

20:35:46.0399 0868        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:35:46.0438 0868        Modem - ok

20:35:46.0461 0868        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:35:46.0481 0868        monitor - ok

20:35:46.0495 0868        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:35:46.0504 0868        mouclass - ok

20:35:46.0533 0868        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:35:46.0559 0868        mouhid - ok

20:35:46.0597 0868        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:35:46.0615 0868        mountmgr - ok

20:35:46.0636 0868        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:35:46.0664 0868        mpio - ok

20:35:46.0678 0868        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:35:46.0707 0868        mpsdrv - ok

20:35:46.0738 0868        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:35:46.0760 0868        MRxDAV - ok

20:35:46.0779 0868        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:35:46.0798 0868        mrxsmb - ok

20:35:46.0833 0868        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:35:46.0844 0868        mrxsmb10 - ok

20:35:46.0858 0868        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:35:46.0868 0868        mrxsmb20 - ok

20:35:46.0887 0868        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:35:46.0895 0868        msahci - ok

20:35:46.0912 0868        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:35:46.0921 0868        msdsm - ok

20:35:46.0942 0868        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:35:46.0967 0868        Msfs - ok

20:35:46.0977 0868        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:35:47.0008 0868        mshidkmdf - ok

20:35:47.0026 0868        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:35:47.0033 0868        msisadrv - ok

20:35:47.0060 0868        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:35:47.0092 0868        MSKSSRV - ok

20:35:47.0098 0868        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:35:47.0132 0868        MSPCLOCK - ok

20:35:47.0138 0868        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:35:47.0177 0868        MSPQM - ok

20:35:47.0204 0868        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:35:47.0231 0868        MsRPC - ok

20:35:47.0247 0868        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:35:47.0254 0868        mssmbios - ok

20:35:47.0265 0868        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:35:47.0290 0868        MSTEE - ok

20:35:47.0295 0868        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:35:47.0310 0868        MTConfig - ok

20:35:47.0324 0868        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:35:47.0332 0868        Mup - ok

20:35:47.0360 0868        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:35:47.0386 0868        NativeWifiP - ok

20:35:47.0444 0868        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:35:47.0482 0868        NDIS - ok

20:35:47.0494 0868        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:35:47.0531 0868        NdisCap - ok

20:35:47.0555 0868        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:35:47.0591 0868        NdisTapi - ok

20:35:47.0625 0868        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:35:47.0688 0868        Ndisuio - ok

20:35:47.0722 0868        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:35:47.0768 0868        NdisWan - ok

20:35:47.0794 0868        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:35:47.0848 0868        NDProxy - ok

20:35:47.0854 0868        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:35:47.0897 0868        NetBIOS - ok

20:35:47.0933 0868        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:35:47.0993 0868        NetBT - ok

20:35:48.0031 0868        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:35:48.0041 0868        nfrd960 - ok

20:35:48.0074 0868        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:35:48.0133 0868        Npfs - ok

20:35:48.0167 0868        NPPTNT2 - ok

20:35:48.0179 0868        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:35:48.0239 0868        nsiproxy - ok

20:35:48.0279 0868        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:35:48.0313 0868        Ntfs - ok

20:35:48.0323 0868        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:35:48.0362 0868        Null - ok

20:35:48.0390 0868        nusb3hub        (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys

20:35:48.0420 0868        nusb3hub - ok

20:35:48.0451 0868        nusb3xhc        (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys

20:35:48.0499 0868        nusb3xhc - ok

20:35:48.0535 0868        NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

20:35:48.0551 0868        NVHDA - ok

20:35:48.0790 0868        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:35:48.0925 0868        nvlddmkm - ok

20:35:48.0966 0868        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:35:48.0975 0868        nvraid - ok

20:35:48.0988 0868        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:35:48.0997 0868        nvstor - ok

20:35:49.0038 0868        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:35:49.0058 0868        nv_agp - ok

20:35:49.0090 0868        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:35:49.0121 0868        ohci1394 - ok

20:35:49.0160 0868        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:35:49.0178 0868        Parport - ok

20:35:49.0209 0868        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:35:49.0219 0868        partmgr - ok

20:35:49.0237 0868        pccsmcfd - ok

20:35:49.0253 0868        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:35:49.0264 0868        pci - ok

20:35:49.0279 0868        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:35:49.0288 0868        pciide - ok

20:35:49.0300 0868        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:35:49.0312 0868        pcmcia - ok

20:35:49.0332 0868        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:35:49.0341 0868        pcw - ok

20:35:49.0361 0868        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:35:49.0422 0868        PEAUTH - ok

20:35:49.0498 0868        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:35:49.0554 0868        PptpMiniport - ok

20:35:49.0571 0868        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:35:49.0587 0868        Processor - ok

20:35:49.0641 0868        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:35:49.0697 0868        Psched - ok

20:35:49.0733 0868        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:35:49.0768 0868        ql2300 - ok

20:35:49.0775 0868        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:35:49.0784 0868        ql40xx - ok

20:35:49.0797 0868        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:35:49.0818 0868        QWAVEdrv - ok

20:35:49.0824 0868        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:35:49.0849 0868        RasAcd - ok

20:35:49.0874 0868        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:35:49.0899 0868        RasAgileVpn - ok

20:35:49.0940 0868        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:35:50.0001 0868        Rasl2tp - ok

20:35:50.0018 0868        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:35:50.0055 0868        RasPppoe - ok

20:35:50.0074 0868        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:35:50.0101 0868        RasSstp - ok

20:35:50.0142 0868        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:35:50.0187 0868        rdbss - ok

20:35:50.0200 0868        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:35:50.0211 0868        rdpbus - ok

20:35:50.0228 0868        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:35:50.0253 0868        RDPCDD - ok

20:35:50.0274 0868        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:35:50.0309 0868        RDPENCDD - ok

20:35:50.0322 0868        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:35:50.0347 0868        RDPREFMP - ok

20:35:50.0383 0868        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

20:35:50.0426 0868        RDPWD - ok

20:35:50.0482 0868        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:35:50.0504 0868        rdyboost - ok

20:35:50.0547 0868        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:35:50.0586 0868        rspndr - ok

20:35:50.0625 0868        RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:35:50.0643 0868        RTL8167 - ok

20:35:50.0676 0868        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:35:50.0689 0868        sbp2port - ok

20:35:50.0735 0868        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:35:50.0776 0868        scfilter - ok

20:35:50.0792 0868        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:35:50.0832 0868        secdrv - ok

20:35:50.0870 0868        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:35:50.0891 0868        Serenum - ok

20:35:50.0912 0868        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:35:50.0953 0868        Serial - ok

20:35:50.0979 0868        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:35:51.0009 0868        sermouse - ok

20:35:51.0037 0868        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:35:51.0070 0868        sffdisk - ok

20:35:51.0086 0868        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:35:51.0116 0868        sffp_mmc - ok

20:35:51.0123 0868        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:35:51.0158 0868        sffp_sd - ok

20:35:51.0175 0868        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:35:51.0213 0868        sfloppy - ok

20:35:51.0242 0868        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:35:51.0253 0868        SiSRaid2 - ok

20:35:51.0260 0868        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:35:51.0272 0868        SiSRaid4 - ok

20:35:51.0287 0868        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:35:51.0337 0868        Smb - ok

20:35:51.0380 0868        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:35:51.0397 0868        spldr - ok

20:35:51.0436 0868        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:35:51.0461 0868        srv - ok

20:35:51.0483 0868        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:35:51.0497 0868        srv2 - ok

20:35:51.0512 0868        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:35:51.0537 0868        srvnet - ok

20:35:51.0578 0868        sscdbus         (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys

20:35:51.0593 0868        sscdbus - ok

20:35:51.0628 0868        sscdmdfl        (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys

20:35:51.0639 0868        sscdmdfl - ok

20:35:51.0667 0868        sscdmdm         (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys

20:35:51.0682 0868        sscdmdm - ok

20:35:51.0732 0868        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys

20:35:51.0737 0868        StarOpen ( UnsignedFile.Multi.Generic ) - warning

20:35:51.0737 0868        StarOpen - detected UnsignedFile.Multi.Generic (1)

20:35:51.0796 0868        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:35:51.0811 0868        stexstor - ok

20:35:51.0826 0868        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:35:51.0835 0868        swenum - ok

20:35:51.0892 0868        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:35:51.0940 0868        Tcpip - ok

20:35:51.0962 0868        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:35:51.0988 0868        TCPIP6 - ok

20:35:52.0026 0868        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:35:52.0083 0868        tcpipreg - ok

20:35:52.0107 0868        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:35:52.0138 0868        TDPIPE - ok

20:35:52.0144 0868        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

20:35:52.0175 0868        TDTCP - ok

20:35:52.0214 0868        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:35:52.0256 0868        tdx - ok

20:35:52.0283 0868        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:35:52.0291 0868        TermDD - ok

20:35:52.0339 0868        TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys

20:35:52.0352 0868        TFsExDisk - ok

20:35:52.0406 0868        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:35:52.0459 0868        tssecsrv - ok

20:35:52.0506 0868        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:35:52.0515 0868        TsUsbFlt - ok

20:35:52.0556 0868        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:35:52.0612 0868        tunnel - ok

20:35:52.0626 0868        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:35:52.0635 0868        uagp35 - ok

20:35:52.0670 0868        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:35:52.0729 0868        udfs - ok

20:35:52.0760 0868        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:35:52.0768 0868        uliagpkx - ok

20:35:52.0804 0868        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:35:52.0819 0868        umbus - ok

20:35:52.0838 0868        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:35:52.0854 0868        UmPass - ok

20:35:52.0870 0868        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

20:35:52.0896 0868        usbaudio - ok

20:35:52.0912 0868        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:35:52.0922 0868        usbccgp - ok

20:35:52.0941 0868        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:35:52.0953 0868        usbcir - ok

20:35:52.0966 0868        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:35:52.0986 0868        usbehci - ok

20:35:53.0003 0868        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:35:53.0027 0868        usbhub - ok

20:35:53.0045 0868        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:35:53.0062 0868        usbohci - ok

20:35:53.0079 0868        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:35:53.0093 0868        usbprint - ok

20:35:53.0132 0868        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:35:53.0149 0868        usbscan - ok

20:35:53.0165 0868        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:35:53.0183 0868        USBSTOR - ok

20:35:53.0198 0868        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:35:53.0216 0868        usbuhci - ok

20:35:53.0235 0868        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:35:53.0243 0868        vdrvroot - ok

20:35:53.0262 0868        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:35:53.0273 0868        vga - ok

20:35:53.0287 0868        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:35:53.0322 0868        VgaSave - ok

20:35:53.0337 0868        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:35:53.0348 0868        vhdmp - ok

20:35:53.0373 0868        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:35:53.0380 0868        viaide - ok

20:35:53.0393 0868        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:35:53.0401 0868        volmgr - ok

20:35:53.0438 0868        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:35:53.0451 0868        volmgrx - ok

20:35:53.0466 0868        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:35:53.0477 0868        volsnap - ok

20:35:53.0504 0868        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:35:53.0514 0868        vsmraid - ok

20:35:53.0533 0868        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:35:53.0544 0868        vwifibus - ok

20:35:53.0552 0868        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:35:53.0578 0868        WacomPen - ok

20:35:53.0600 0868        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:35:53.0626 0868        WANARP - ok

20:35:53.0628 0868        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:35:53.0652 0868        Wanarpv6 - ok

20:35:53.0663 0868        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:35:53.0670 0868        Wd - ok

20:35:53.0686 0868        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:35:53.0702 0868        Wdf01000 - ok

20:35:53.0730 0868        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:35:53.0755 0868        WfpLwf - ok

20:35:53.0769 0868        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:35:53.0776 0868        WIMMount - ok

20:35:53.0799 0868        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:35:53.0809 0868        WmiAcpi - ok

20:35:53.0820 0868        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:35:53.0849 0868        ws2ifsl - ok

20:35:53.0889 0868        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:35:53.0944 0868        WudfPf - ok

20:35:53.0979 0868        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:35:54.0028 0868        WUDFRd - ok

20:35:54.0119 0868        X6va005 - ok

20:35:54.0149 0868        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:35:54.0241 0868        \Device\Harddisk0\DR0 - ok

20:35:54.0245 0868        Boot (0x1200)   (d7c09c274c3511a5f259eec98560d6ed) \Device\Harddisk0\DR0\Partition0

20:35:54.0246 0868        \Device\Harddisk0\DR0\Partition0 - ok

20:35:54.0275 0868        Boot (0x1200)   (1f5b8ef6543cc5e40e65f41101416ad9) \Device\Harddisk0\DR0\Partition1

20:35:54.0276 0868        \Device\Harddisk0\DR0\Partition1 - ok

20:35:54.0298 0868        Boot (0x1200)   (6a0bbc8eceb803e5e0167e5005cbf087) \Device\Harddisk0\DR0\Partition2

20:35:54.0299 0868        \Device\Harddisk0\DR0\Partition2 - ok

20:35:54.0299 0868        ============================================================

20:35:54.0299 0868        Scan finished

20:35:54.0299 0868        ============================================================

20:35:54.0310 4876        Detected object count: 1

20:35:54.0310 4876        Actual detected object count: 1

20:36:56.0160 4876        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

20:36:56.0160 4876        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo,
Ich habe Combofix ausgeführt, aber war währenddessen einfach was fernschauen gegangen. Als ich dann wieder kam, fand ich mich im Anmeldebildschirm von Windows wieder. Dachte halt Combofix hätte einfach pc neugestartet. Als ich mich dann angemeldet hatte, kamen sehr schnell Fenster von Combofix, doch diese schlossen sich wieder schnell, öffneten sich dann wieder usw. Dachte er müsste halt noch etwas fertigstellen. Dieses Spielchen ging dann immer weiter, ich habe 1 stunde gewartet doch es tat sich nichts. Ich konnte beim Computer auf nichts klicken da sich die Anwendung sofort in der Vordergrund schob. Dies kam mir komisch vor und da ein Fenster zwischenzeitlich mal für eine Sekunde stehen blieb, hab ich auf x geklickt. Nun, es wurde mir kein Log gezeigt, woraufhin ich in C: nach dem log geschaut habe, jedoch keines vorhanden war. Allerdings besteht da ein ordner von Combofix und ein Ordner Qoobox, jedoch weiß ich nicht was ich jetzt tun soll, bitte um Hilfe :S
Edit: Habe etwas in der Qoobox rumgeschaut, da befinden sich: Install.exe.vir , im Ordner ProgramData ntuser.dat.vir , und im Ordner Windows und dann im Unterordner System32 java.exe.vir , Hoffe mal das ist hilfreich o.O

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Auch das erneute Runterladen von combofix.exe löste das Problem nicht, ich bin hier langsam am verzweifeln :o Kann das Problem halt nicht so genau beschreiben, im Prinzip öffnet sich einfenster kurz, schließt sich wieder, ein neues öffnet sich und so weiter. Und der Log wird auch nicht erstellt :(

Probier es im abgesicherten mit Netzwerk

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: