Trojaner-Board


ferrys 14.02.2012 11:07

Finding remnants of the Bundespolizei trojan
 
Hello,

Yesterday I managed to catch the "Bundespolizei trojan".
(Unfortunately I don't know which version.) First I tried safe mode and looked for information about it online.
In the end I deleted 2 files with Malwarebytes and performed a system restore.
Ultimately it is clear to me that only reinstalling the system brings absolute security. My problem is that I work with this PC, and reinstalling the system would probably cost me several days.
My question now: can I find any remnants, and how can I protect myself until I reinstall the system?

I use ESET Smart Security.

Defogger produced no result.
dds only briefly shows a cmd window and then disappears again.

I hope I have followed the rules (if not, please point it out).

Regards, ferrys

Edit: dds did work after all

cosinus 14.02.2012 17:32

Quote:

In the end I deleted 2 files with Malwarebytes and performed a system restore.

Without the Malwarebytes logs this won't get anywhere. :glaskugel:
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

ferrys 14.02.2012 18:58

Thanks for the super-fast help!

So, after spending quite some time, I have now found the old log from the program, which had already been uninstalled again.
Subsequent scans produced no results.

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.13.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
********* :: **********-PC [Administrator]

Schutz: Deaktiviert

13.02.2012 18:40:47
mbam-log-2012-02-13 (18-40-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 182831
Laufzeit: 2 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\FERRYS\AppData\Local\Temp\0.6368159088400085.exe (Trojan.Downloader.lb) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\FERRYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6368159088400085.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 14.02.2012 21:22

Please now routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

ferrys 16.02.2012 00:10

Malwarebytes full scan; no earlier ones available

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ferrys :: FERRYS-PC [Administrator]

Schutz: Aktiviert

15.02.2012 16:32:45
newmbam-log-2012-02-15 (17-49-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407702
Laufzeit: 1 Stunde(n), 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ferrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3224710b-6e742568 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

(Ende)

ESET Online Scanner

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=018489fc10accb4db7a5356f5f48c17a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-15 11:02:02
# local_time=2012-02-16 12:02:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 88087 80950140 0 0
# compatibility_mode=8201 39157117 100 75 79710 34480730 0 0
# scanned=492239
# found=8
# cleaned=0
# scan_time=26632
# nod_component=V3 Build:0x30000000
C:\Users\Ferrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3224710b-6e742568        a variant of Win32/Kryptik.ZTC trojan (unable to clean)        00000000000000000000000000000000        I
H:\Backup2011\usb stick\Backup\vlc-1.1.10-win32.exe        Win32/StartPage.OIE trojan (unable to clean)        00000000000000000000000000000000        I
H:\Backup2011\usb stick\Backup2\vlc-1.1.10-win32.exe        Win32/StartPage.OIE trojan (unable to clean)        00000000000000000000000000000000        I
H:\Real Collection\Programme\Apps\unlocker1.9.0.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I


cosinus 16.02.2012 13:22

Please create a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ferrys 16.02.2012 17:03

OTL LOG


Code:

OTL Extras logfile created on: 16.02.2012 16:44:57 - Run 1

cosinus 16.02.2012 17:29

I don't necessarily need the extras; the otl.txt is more important.

ferrys 16.02.2012 17:33

I sincerely apologize, I mixed up the files.

Code:

OTL logfile created on: 16.02.2012 16:44:57 - Run 1
OTL by OldTimer - Version 3.2.32.0    Folder = C:\Users\Ferrys\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,56% Memory free
8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 347,47 Gb Free Space | 74,62% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FERRYS-PC | User Name: Ferrys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ferrys\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
 
 
 
 
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 D4 C6 D6 68 E3 CC 01  [binary data]
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sdx.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.7
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: guillaume.lecanu@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.14 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 13:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.06.20 18:06:05 | 000,000,000 | ---D | M]
 
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Extensions
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions
[2012.01.18 16:58:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.02.11 10:26:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\foxyproxy@eric.h.jung
[2011.08.30 20:33:57 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\netvideohunter@netvideohunter.com
[2011.06.20 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\SABNZBDSTATUS@DQ5STUDIOS.COM.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.14 20:07:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.14 20:07:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 20:07:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 20:07:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 20:07:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 20:07:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 20:07:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.16 17:41:13 | 000,000,040 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{307E969D-F398-48F8-A339-852C4FD13F76}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell - "" = AutoRun
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 16:30:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ferrys\Desktop\OTL.exe
[2012.02.14 18:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 18:54:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.14 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 20:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.13 20:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.02.13 18:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Malwarebytes
[2012.02.13 18:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.12 13:16:23 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\TeknoGods
[2012.02.12 00:11:52 | 000,000,000 | ---D | C] -- C:\Sandbox
[2012.02.12 00:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.02.11 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\VirtualBox VMs
[2012.02.11 23:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\.VirtualBox
[2012.02.07 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2012.02.07 17:26:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2012.02.07 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexicon
[2012.02.06 19:59:54 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\tatoo
[2012.02.06 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\My Games
[2012.02.06 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\FalloutNV
[2012.02.04 10:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.04 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.02.04 10:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.02.04 10:39:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.03 15:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.02.03 14:53:24 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2012.02.03 14:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.02.03 07:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.01.31 18:53:56 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\iZotope
[2012.01.31 18:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\iZotope
[2012.01.30 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Skrillex - More Monsters And Sprites
[2012.01.29 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\FXpansion
[2012.01.29 20:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXpansion
[2012.01.29 20:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FXpansion
[2012.01.29 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2012.01.29 20:13:53 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Backup fl desk download
[2012.01.29 18:00:24 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Party2012
[2012.01.29 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Tony Hawks Complete OST
[2012.01.29 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2012.01.28 12:30:36 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\Funcom
[2012.01.27 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\CrashRpt
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6
[2012.01.26 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012.01.26 20:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
[2012.01.26 20:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2012.01.26 20:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Camel Audio
[2012.01.26 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
[2012.01.26 10:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\jBridge
[2012.01.26 10:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Waves Audio
[2012.01.23 17:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
[2012.01.22 12:01:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.01.21 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\AMD
[2012.01.21 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.01.21 22:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.01.21 22:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.01.21 13:37:23 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Schuhe 40 euro bestellen
[2012.01.21 00:22:59 | 000,000,000 | RH-D | C] -- C:\Users\Ferrys\AppData\Roaming\SecuROM
[2012.01.19 21:11:12 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Cubase ungeordnet
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.16 16:30:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ferrys\Desktop\OTL.exe
[2012.02.16 16:30:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 16:30:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 16:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.16 16:17:48 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.16 06:34:54 | 004,857,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 17:42:24 | 000,274,411 | ---- | M] () -- C:\Users\Ferrys\Desktop\newsound.zip
[2012.02.15 17:28:07 | 000,001,900 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.02.15 16:56:13 | 001,519,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.15 16:56:13 | 000,654,016 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.15 16:56:13 | 000,615,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.15 16:56:13 | 000,129,888 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.15 16:56:13 | 000,106,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.14 19:08:08 | 000,000,000 | ---- | M] () -- C:\Users\Ferrys\defogger_reenable
[2012.02.14 18:54:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 19:02:12 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.02.04 14:19:31 | 000,017,726 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120204_141929.reg
[2012.02.03 14:53:27 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.03 14:53:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.26 21:34:26 | 000,030,086 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120126_213423.reg
[2012.01.19 21:20:46 | 000,011,618 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120119_212042.reg
[2012.01.19 17:45:28 | 000,286,208 | ---- | M] () -- C:\Windows\SysWow64\Xbinkw32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 17:40:11 | 000,274,411 | ---- | C] () -- C:\Users\Ferrys\Desktop\newsound.zip
[2012.02.14 19:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Ferrys\defogger_reenable
[2012.02.14 18:54:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 20:18:01 | 000,001,900 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.13 19:01:58 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.02.04 14:19:30 | 000,017,726 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120204_141929.reg
[2012.02.03 14:53:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.03 14:53:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.26 21:34:25 | 000,030,086 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120126_213423.reg
[2012.01.19 21:20:45 | 000,011,618 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120119_212042.reg
[2012.01.19 17:38:58 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\Xbinkw32.dll
[2012.01.13 20:44:25 | 000,000,081 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MPluginConfiguration.xml
[2012.01.13 20:43:15 | 000,005,622 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.01.13 20:01:23 | 000,020,335 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MHarmonizerpresets.xml
[2012.01.13 20:01:23 | 000,017,558 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MModernCompressorpresets.xml
[2012.01.13 20:01:23 | 000,003,597 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MTransientpresets.xml
[2012.01.13 20:01:19 | 000,017,537 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDelaypresets.xml
[2012.01.13 20:01:19 | 000,010,793 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDistortionpresets.xml
[2012.01.13 20:01:19 | 000,004,377 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MChoruspresets.xml
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.25 18:41:22 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.11.25 18:41:06 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.11.25 18:40:55 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.11.21 21:24:23 | 000,036,864 | ---- | C] () -- C:\Windows\Algouinstall.exe
[2011.11.21 21:11:15 | 000,001,547 | ---- | C] () -- C:\Windows\SysWow64\privatedata.dll
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.21 23:24:18 | 000,013,158 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MOscillatorpresets.xml
[2011.10.21 23:24:18 | 000,006,687 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\menvelopepresets.xml
[2011.10.21 23:24:18 | 000,002,820 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2011.10.21 23:24:18 | 000,002,492 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2011.10.21 23:24:18 | 000,001,235 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2011.10.21 23:24:18 | 000,001,011 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MValueToColor5presets.xml
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.07 19:29:06 | 000,007,602 | ---- | C] () -- C:\Users\Ferrys\AppData\Local\Resmon.ResmonCfg
[2011.06.20 17:41:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.09 16:00:00 | 000,667,255 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandRhythmizerpresets.xml
[2010.11.09 16:00:00 | 000,208,881 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandReverbpresets.xml
[2010.11.09 16:00:00 | 000,193,849 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDistortionpresets.xml
[2010.11.09 16:00:00 | 000,191,692 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MAnalyzerpresets.xml
[2010.11.09 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandConvolutionpresets.xml
[2010.11.09 16:00:00 | 000,154,345 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandAutopanpresets.xml
[2010.11.09 16:00:00 | 000,152,555 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandFreqShifterpresets.xml
[2010.11.09 16:00:00 | 000,137,827 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandFlangerpresets.xml
[2010.11.09 16:00:00 | 000,127,297 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFilterpresets.xml
[2010.11.09 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandVibratopresets.xml
[2010.11.09 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandChoruspresets.xml
[2010.11.09 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandPhaserpresets.xml
[2010.11.09 16:00:00 | 000,115,695 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandHarmonizerpresets.xml
[2010.11.09 16:00:00 | 000,091,447 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDelaypresets.xml
[2010.11.09 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandRingModulatorpresets.xml
[2010.11.09 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequencepresets.xml
[2010.11.09 16:00:00 | 000,084,095 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MReverbpresets.xml
[2010.11.09 16:00:00 | 000,081,019 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandTremolopresets.xml
[2010.11.09 16:00:00 | 000,059,052 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandWaveShaperpresets.xml
[2010.11.09 16:00:00 | 000,051,825 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml
[2010.11.09 16:00:00 | 000,042,795 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerpresets.xml
[2010.11.09 16:00:00 | 000,038,763 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandTransientpresets.xml
[2010.11.09 16:00:00 | 000,032,410 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandSaturatorpresets.xml
[2010.11.09 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MSpectralDynamicspresets.xml
[2010.11.09 16:00:00 | 000,024,793 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDynamicspresets.xml
[2010.11.09 16:00:00 | 000,021,794 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDynamicspresets.xml
[2010.11.09 16:00:00 | 000,013,964 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFlangerpresets.xml
[2010.11.09 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceSetpresets.xml
[2010.11.09 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreeformEqualizerpresets.xml
[2010.11.09 16:00:00 | 000,010,520 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandLimiterpresets.xml
[2010.11.09 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreqShifterpresets.xml
[2010.11.09 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerLinearPhasepresets.xml
[2010.11.09 16:00:00 | 000,007,130 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerpresets.xml
[2010.11.09 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreeformAnalogEqpresets.xml
[2010.11.09 16:00:00 | 000,006,444 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MCompressorpresets.xml
[2010.11.09 16:00:00 | 000,005,138 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MWaveShaperpresets.xml
[2010.11.09 16:00:00 | 000,005,022 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml
[2010.11.09 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MPhaserpresets.xml
[2010.11.09 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRingModulatorpresets.xml
[2010.11.09 16:00:00 | 000,003,017 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MStereoProcessorpresets.xml
[2010.11.09 16:00:00 | 000,002,775 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MStereoExpanderpresets.xml
[2010.11.09 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MVibratopresets.xml
[2010.11.09 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MTremolopresets.xml
[2010.11.09 16:00:00 | 000,001,907 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MAutopanpresets.xml
[2010.11.09 16:00:00 | 000,001,381 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MLimiterpresets.xml
[2010.11.09 16:00:00 | 000,000,688 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MUltraMaximizerpresets.xml
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.08.19 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\.minecraft
[2012.01.12 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Ableton
[2011.06.21 11:55:25 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Acronis
[2012.01.22 16:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\AIMP3
[2011.11.20 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ASK Video
[2011.12.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Bioshock2
[2012.01.26 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Celemony Software GmbH
[2011.06.21 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Cytomic
[2012.02.16 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\DAEMON Tools Lite
[2011.07.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Day 1 Studios
[2011.11.24 22:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Drumagog 5
[2011.06.20 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ESET
[2011.06.21 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FabFilter
[2011.08.07 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FreeFLVConverter
[2012.01.29 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2011.06.21 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Image-Line
[2012.01.31 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\iZotope
[2012.02.07 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2011.06.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\LibreOffice
[2012.01.26 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2012.01.19 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction
[2012.01.13 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction IR
[2011.07.29 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MAutoEqualizer
[2011.06.21 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFilter
[2011.07.29 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFreeformAnalogEq
[2011.11.13 00:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandAutopan
[2011.11.25 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandChorus
[2011.06.21 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandConvolution
[2011.07.30 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDelay
[2011.12.28 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDistortion
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamics
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge
[2011.11.25 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFlanger
[2011.06.21 15:28:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFreqShifter
[2011.07.29 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandHarmonizer
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandLimiter
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandPhaser
[2011.07.30 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandReverb
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRhythmizer
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRingModulator
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandSaturator
[2011.11.02 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTransient
[2011.12.07 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTremolo
[2011.06.21 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandVibrato
[2011.11.02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandWaveShaper
[2011.06.21 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MReverb
[2011.12.16 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MRhythmizer
[2011.09.12 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MSpectralDynamicsMini
[2011.09.12 16:29:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MStereoProcessor
[2011.09.12 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MUltraMaximizer
[2011.10.21 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MSPS
[2011.10.21 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MTexturedStyles
[2012.02.16 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\NetSpeedMonitor
[2011.08.28 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\OnLive App
[2011.06.29 07:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Propellerhead Software
[2012.02.03 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2011.06.29 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\RIFT
[2011.08.18 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Rovio
[2012.01.29 12:31:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2011.11.21 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Sonalksis
[2011.06.22 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Steinberg
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Thunderbird
[2011.07.05 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TrueCrypt
[2011.11.21 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TS3Client
[2011.10.11 17:29:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\V-Plugs
[2011.11.25 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\VST3 Presets
[2011.11.13 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Waves Audio
[2012.01.14 13:15:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.19 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\.minecraft
[2012.01.12 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Ableton
[2011.06.21 11:55:25 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Acronis
[2011.11.16 20:37:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Adobe
[2011.06.20 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Adobe-BackupByPhotoshopPortable
[2012.01.22 16:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\AIMP3
[2011.11.17 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Apple Computer
[2011.11.20 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ASK Video
[2011.06.20 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ATI
[2011.12.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Bioshock2
[2012.01.26 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Celemony Software GmbH
[2011.06.21 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Cytomic
[2012.02.16 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\DAEMON Tools Lite
[2011.07.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Day 1 Studios
[2011.11.24 22:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Drumagog 5
[2011.11.25 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\dvdcss
[2011.06.20 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ESET
[2011.06.21 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FabFilter
[2011.08.07 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FreeFLVConverter
[2012.01.29 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2011.06.20 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Identities
[2011.06.21 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Image-Line
[2011.06.20 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\InstallShield
[2012.01.31 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\iZotope
[2012.02.07 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2011.06.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\LibreOffice
[2012.01.26 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2011.06.20 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Macromedia
[2012.02.13 18:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Malwarebytes
[2010.11.21 07:28:37 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Media Center Programs
[2012.01.19 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction
[2012.01.13 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction IR
[2011.07.29 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MAutoEqualizer
[2011.06.21 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFilter
[2011.07.29 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFreeformAnalogEq
[2011.11.13 00:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandAutopan
[2011.11.25 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandChorus
[2011.06.21 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandConvolution
[2011.07.30 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDelay
[2011.12.28 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDistortion
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamics
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge
[2011.11.25 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFlanger
[2011.06.21 15:28:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFreqShifter
[2011.07.29 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandHarmonizer
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandLimiter
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandPhaser
[2011.07.30 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandReverb
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRhythmizer
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRingModulator
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandSaturator
[2011.11.02 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTransient
[2011.12.07 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTremolo
[2011.06.21 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandVibrato
[2011.11.02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandWaveShaper
[2011.06.21 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MReverb
[2011.12.16 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MRhythmizer
[2011.09.12 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MSpectralDynamicsMini
[2011.09.12 16:29:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MStereoProcessor
[2011.09.12 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MUltraMaximizer
[2011.11.09 20:02:31 | 000,000,000 | --SD | M] -- C:\Users\Ferrys\AppData\Roaming\Microsoft
[2011.06.20 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Mozilla
[2011.10.21 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MSPS
[2011.10.21 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MTexturedStyles
[2012.02.16 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\NetSpeedMonitor
[2011.08.28 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\OnLive App
[2011.06.29 07:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Propellerhead Software
[2012.02.03 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2011.06.29 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\RIFT
[2011.08.18 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Rovio
[2012.01.29 12:31:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2012.01.21 00:22:59 | 000,000,000 | RH-D | M] -- C:\Users\Ferrys\AppData\Roaming\SecuROM
[2011.11.21 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Sonalksis
[2011.06.22 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Steinberg
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Thunderbird
[2011.07.05 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TrueCrypt
[2011.11.21 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TS3Client
[2011.10.11 17:29:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\V-Plugs
[2012.02.13 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\vlc
[2011.11.25 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\VST3 Presets
[2011.11.13 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Waves Audio
[2011.06.20 18:17:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.08 00:12:50 | 000,964,584 | ---- | M] () -- C:\Users\Ferrys\AppData\Roaming\Line 6\L6TWXY\Tools\Line 6 Uninstaller.exe
[2011.12.06 14:33:27 | 000,003,128 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
[2011.06.20 22:39:22 | 000,010,134 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.11.23 17:38:29 | 003,123,272 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


cosinus 16.02.2012 20:49

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sdx.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 D4 C6 D6 68 E3 CC 01  [binary data]
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell - "" = AutoRun
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ferrys 17.02.2012 11:43

Thanks for the quick help and answer, really great work that you do here (in your free time?).

Code:

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "sdx.cc Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.openintab
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Ferrys
->Temp folder emptied: 8160589 bytes
->Temporary Internet Files folder emptied: 180358 bytes
->Java cache emptied: 748318 bytes
->FireFox cache emptied: 1194023464 bytes
->Flash cache emptied: 717 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20409102 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.167,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.32.0 log created on 02172012_113502

Files\Folders moved on Reboot...
C:\Users\Ferrys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 17.02.2012 17:52

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This might take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

ferrys 18.02.2012 11:52

Code:

11:33:51.0405 4224        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:33:51.0690 4224        ============================================================
11:33:51.0690 4224        Current date / time: 2012/02/18 11:33:51.0690
11:33:51.0690 4224        SystemInfo:
11:33:51.0690 4224       
11:33:51.0690 4224        OS Version: 6.1.7601 ServicePack: 1.0
11:33:51.0690 4224        Product type: Workstation
11:33:51.0690 4224        ComputerName: FERRYS-PC
11:33:51.0690 4224        UserName: Ferrys
11:33:51.0690 4224        Windows directory: C:\Windows
11:33:51.0690 4224        System windows directory: C:\Windows
11:33:51.0690 4224        Running under WOW64
11:33:51.0690 4224        Processor architecture: Intel x64
11:33:51.0690 4224        Number of processors: 3
11:33:51.0690 4224        Page size: 0x1000
11:33:51.0690 4224        Boot type: Normal boot
11:33:51.0690 4224        ============================================================
11:33:52.0975 4224        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:33:52.0980 4224        Drive \Device\Harddisk1\DR1 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:33:52.0995 4224        \Device\Harddisk0\DR0:
11:33:52.0995 4224        MBR used
11:33:52.0995 4224        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:33:52.0995 4224        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:33:52.0995 4224        \Device\Harddisk1\DR1:
11:33:52.0995 4224        MBR used
11:33:52.0995 4224        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
11:33:53.0040 4224        Initialize success
11:33:53.0040 4224        ============================================================
11:34:44.0462 4672        ============================================================
11:34:44.0462 4672        Scan started
11:34:44.0462 4672        Mode: Manual; SigCheck; TDLFS;
11:34:44.0462 4672        ============================================================
11:34:44.0867 4672        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:34:44.0997 4672        1394ohci - ok
11:34:45.0032 4672        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:34:45.0042 4672        ACPI - ok
11:34:45.0067 4672        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:34:45.0127 4672        AcpiPmi - ok
11:34:45.0182 4672        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:34:45.0197 4672        adp94xx - ok
11:34:45.0207 4672        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:34:45.0217 4672        adpahci - ok
11:34:45.0227 4672        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:34:45.0232 4672        adpu320 - ok
11:34:45.0272 4672        afcdp          (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
11:34:45.0302 4672        afcdp - ok
11:34:45.0362 4672        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:34:45.0422 4672        AFD - ok
11:34:45.0467 4672        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:34:45.0472 4672        agp440 - ok
11:34:45.0492 4672        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:34:45.0497 4672        aliide - ok
11:34:45.0532 4672        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:34:45.0537 4672        amdide - ok
11:34:45.0572 4672        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:34:45.0577 4672        amdiox64 - ok
11:34:45.0597 4672        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:34:45.0627 4672        AmdK8 - ok
11:34:45.0802 4672        amdkmdag        (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
11:34:46.0052 4672        amdkmdag - ok
11:34:46.0132 4672        amdkmdap        (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:34:46.0147 4672        amdkmdap - ok
11:34:46.0187 4672        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:34:46.0217 4672        AmdPPM - ok
11:34:46.0257 4672        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:34:46.0262 4672        amdsata - ok
11:34:46.0297 4672        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:34:46.0307 4672        amdsbs - ok
11:34:46.0322 4672        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:34:46.0327 4672        amdxata - ok
11:34:46.0397 4672        AODDriver4.01  (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:34:46.0402 4672        AODDriver4.01 - ok
11:34:46.0447 4672        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:34:46.0582 4672        AppID - ok
11:34:46.0612 4672        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:34:46.0617 4672        arc - ok
11:34:46.0627 4672        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:34:46.0632 4672        arcsas - ok
11:34:46.0657 4672        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:34:46.0762 4672        AsyncMac - ok
11:34:46.0777 4672        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:34:46.0787 4672        atapi - ok
11:34:46.0837 4672        AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
11:34:46.0842 4672        AtiHDAudioService - ok
11:34:46.0872 4672        AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
11:34:46.0912 4672        AtiHdmiService - ok
11:34:46.0937 4672        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:34:46.0942 4672        AtiPcie - ok
11:34:46.0992 4672        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:34:47.0042 4672        b06bdrv - ok
11:34:47.0067 4672        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:34:47.0097 4672        b57nd60a - ok
11:34:47.0127 4672        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:34:47.0167 4672        Beep - ok
11:34:47.0217 4672        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:34:47.0242 4672        blbdrive - ok
11:34:47.0262 4672        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:34:47.0327 4672        bowser - ok
11:34:47.0352 4672        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:34:47.0382 4672        BrFiltLo - ok
11:34:47.0387 4672        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:34:47.0402 4672        BrFiltUp - ok
11:34:47.0417 4672        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:34:47.0467 4672        Brserid - ok
11:34:47.0472 4672        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:34:47.0512 4672        BrSerWdm - ok
11:34:47.0517 4672        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:34:47.0552 4672        BrUsbMdm - ok
11:34:47.0562 4672        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:34:47.0582 4672        BrUsbSer - ok
11:34:47.0602 4672        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:34:47.0627 4672        BTHMODEM - ok
11:34:47.0652 4672        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:34:47.0697 4672        cdfs - ok
11:34:47.0732 4672        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:34:47.0757 4672        cdrom - ok
11:34:47.0797 4672        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:34:47.0817 4672        circlass - ok
11:34:47.0847 4672        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:34:47.0862 4672        CLFS - ok
11:34:47.0937 4672        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:34:47.0957 4672        CmBatt - ok
11:34:47.0962 4672        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:34:47.0972 4672        cmdide - ok
11:34:48.0012 4672        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:34:48.0027 4672        CNG - ok
11:34:48.0057 4672        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:34:48.0062 4672        Compbatt - ok
11:34:48.0087 4672        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:34:48.0112 4672        CompositeBus - ok
11:34:48.0147 4672        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:34:48.0152 4672        crcdisk - ok
11:34:48.0192 4672        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:34:48.0252 4672        CSC - ok
11:34:48.0272 4672        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:34:48.0312 4672        DfsC - ok
11:34:48.0332 4672        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:34:48.0377 4672        discache - ok
11:34:48.0417 4672        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:34:48.0422 4672        Disk - ok
11:34:48.0452 4672        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:34:48.0507 4672        dmvsc - ok
11:34:48.0542 4672        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:34:48.0567 4672        drmkaud - ok
11:34:48.0597 4672        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:34:48.0607 4672        dtsoftbus01 - ok
11:34:48.0642 4672        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:34:48.0667 4672        DXGKrnl - ok
11:34:48.0697 4672        E1G60          (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:34:48.0722 4672        E1G60 - ok
11:34:48.0767 4672        eamonm          (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
11:34:48.0772 4672        eamonm - ok
11:34:48.0832 4672        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:34:48.0917 4672        ebdrv - ok
11:34:48.0942 4672        ehdrv          (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
11:34:48.0947 4672        ehdrv - ok
11:34:48.0992 4672        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:34:49.0007 4672        elxstor - ok
11:34:49.0032 4672        epfw            (443805b5b11c859ac8ca35297648ff0c) C:\Windows\system32\DRIVERS\epfw.sys
11:34:49.0042 4672        epfw - ok
11:34:49.0057 4672        Epfwndis        (66e61bc6c9f519a99275eb0f0e530bf4) C:\Windows\system32\DRIVERS\Epfwndis.sys
11:34:49.0062 4672        Epfwndis - ok
11:34:49.0097 4672        epfwwfp        (f72c97f3d34ea5ec919c73e3901266bb) C:\Windows\system32\DRIVERS\epfwwfp.sys
11:34:49.0102 4672        epfwwfp - ok
11:34:49.0107 4672        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:34:49.0137 4672        ErrDev - ok
11:34:49.0172 4672        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:34:49.0197 4672        exfat - ok
11:34:49.0207 4672        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:34:49.0247 4672        fastfat - ok
11:34:49.0267 4672        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:34:49.0297 4672        fdc - ok
11:34:49.0327 4672        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:34:49.0332 4672        FileInfo - ok
11:34:49.0347 4672        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:34:49.0392 4672        Filetrace - ok
11:34:49.0407 4672        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:34:49.0417 4672        flpydisk - ok
11:34:49.0452 4672        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:34:49.0462 4672        FltMgr - ok
11:34:49.0472 4672        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:34:49.0482 4672        FsDepends - ok
11:34:49.0492 4672        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:34:49.0502 4672        Fs_Rec - ok
11:34:49.0537 4672        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:34:49.0552 4672        fvevol - ok
11:34:49.0582 4672        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:34:49.0587 4672        gagp30kx - ok
11:34:49.0607 4672        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:34:49.0657 4672        hcw85cir - ok
11:34:49.0697 4672        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:34:49.0727 4672        HdAudAddService - ok
11:34:49.0757 4672        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:34:49.0782 4672        HDAudBus - ok
11:34:49.0797 4672        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:34:49.0822 4672        HidBatt - ok
11:34:49.0832 4672        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:34:49.0862 4672        HidBth - ok
11:34:49.0867 4672        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:34:49.0882 4672        HidIr - ok
11:34:49.0922 4672        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:34:49.0947 4672        HidUsb - ok
11:34:49.0972 4672        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:34:49.0977 4672        HpSAMD - ok
11:34:49.0997 4672        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:34:50.0057 4672        HTTP - ok
11:34:50.0077 4672        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:34:50.0082 4672        hwpolicy - ok
11:34:50.0097 4672        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:34:50.0112 4672        i8042prt - ok
11:34:50.0142 4672        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:34:50.0157 4672        iaStorV - ok
11:34:50.0202 4672        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:34:50.0207 4672        iirsp - ok
11:34:50.0277 4672        IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
11:34:50.0332 4672        IntcAzAudAddService - ok
11:34:50.0337 4672        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:34:50.0347 4672        intelide - ok
11:34:50.0362 4672        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:34:50.0387 4672        intelppm - ok
11:34:50.0392 4672        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:34:50.0417 4672        IpFilterDriver - ok
11:34:50.0427 4672        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:34:50.0442 4672        IPMIDRV - ok
11:34:50.0447 4672        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:34:50.0482 4672        IPNAT - ok
11:34:50.0507 4672        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:34:50.0572 4672        IRENUM - ok
11:34:50.0577 4672        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:34:50.0582 4672        isapnp - ok
11:34:50.0597 4672        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:34:50.0612 4672        iScsiPrt - ok
11:34:50.0637 4672        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:34:50.0647 4672        kbdclass - ok
11:34:50.0677 4672        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:34:50.0707 4672        kbdhid - ok
11:34:50.0732 4672        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:34:50.0742 4672        KSecDD - ok
11:34:50.0757 4672        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:34:50.0767 4672        KSecPkg - ok
11:34:50.0777 4672        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:34:50.0817 4672        ksthunk - ok
11:34:50.0862 4672        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:34:50.0907 4672        lltdio - ok
11:34:50.0937 4672        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:34:50.0942 4672        LSI_FC - ok
11:34:50.0952 4672        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:34:50.0957 4672        LSI_SAS - ok
11:34:50.0962 4672        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:34:50.0972 4672        LSI_SAS2 - ok
11:34:50.0977 4672        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:34:50.0987 4672        LSI_SCSI - ok
11:34:51.0022 4672        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:34:51.0062 4672        luafv - ok
11:34:51.0117 4672        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:34:51.0122 4672        MBAMProtector - ok
11:34:51.0142 4672        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:34:51.0147 4672        megasas - ok
11:34:51.0167 4672        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:34:51.0182 4672        MegaSR - ok
11:34:51.0197 4672        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:34:51.0237 4672        Modem - ok
11:34:51.0262 4672        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:34:51.0292 4672        monitor - ok
11:34:51.0322 4672        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:34:51.0327 4672        mouclass - ok
11:34:51.0337 4672        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:34:51.0347 4672        mouhid - ok
11:34:51.0357 4672        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:34:51.0367 4672        mountmgr - ok
11:34:51.0387 4672        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:34:51.0392 4672        mpio - ok
11:34:51.0407 4672        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:34:51.0447 4672        mpsdrv - ok
11:34:51.0457 4672        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:34:51.0482 4672        MRxDAV - ok
11:34:51.0512 4672        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:34:51.0582 4672        mrxsmb - ok
11:34:51.0612 4672        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:34:51.0622 4672        mrxsmb10 - ok
11:34:51.0632 4672        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:34:51.0642 4672        mrxsmb20 - ok
11:34:51.0677 4672        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:34:51.0682 4672        msahci - ok
11:34:51.0687 4672        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:34:51.0697 4672        msdsm - ok
11:34:51.0732 4672        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:34:51.0772 4672        Msfs - ok
11:34:51.0787 4672        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:34:51.0827 4672        mshidkmdf - ok
11:34:51.0852 4672        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:34:51.0857 4672        msisadrv - ok
11:34:51.0892 4672        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:34:51.0932 4672        MSKSSRV - ok
11:34:51.0952 4672        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:34:51.0992 4672        MSPCLOCK - ok
11:34:52.0007 4672        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:34:52.0057 4672        MSPQM - ok
11:34:52.0082 4672        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:34:52.0092 4672        MsRPC - ok
11:34:52.0107 4672        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:34:52.0112 4672        mssmbios - ok
11:34:52.0147 4672        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:34:52.0187 4672        MSTEE - ok
11:34:52.0192 4672        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:34:52.0212 4672        MTConfig - ok
11:34:52.0227 4672        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:34:52.0237 4672        Mup - ok
11:34:52.0277 4672        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:34:52.0312 4672        NativeWifiP - ok
11:34:52.0357 4672        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:34:52.0382 4672        NDIS - ok
11:34:52.0422 4672        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:34:52.0447 4672        NdisCap - ok
11:34:52.0472 4672        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:34:52.0512 4672        NdisTapi - ok
11:34:52.0542 4672        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:52.0582 4672        Ndisuio - ok
11:34:52.0607 4672        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:52.0647 4672        NdisWan - ok
11:34:52.0667 4672        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:34:52.0702 4672        NDProxy - ok
11:34:52.0737 4672        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:34:52.0772 4672        NetBIOS - ok
11:34:52.0797 4672        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:34:52.0822 4672        NetBT - ok
11:34:52.0862 4672        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:34:52.0867 4672        nfrd960 - ok
11:34:52.0897 4672        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:34:52.0937 4672        Npfs - ok
11:34:52.0962 4672        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:34:52.0997 4672        nsiproxy - ok
11:34:53.0052 4672        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:34:53.0092 4672        Ntfs - ok
11:34:53.0107 4672        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:34:53.0152 4672        Null - ok
11:34:53.0187 4672        nusb3hub        (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:34:53.0227 4672        nusb3hub - ok
11:34:53.0262 4672        nusb3xhc        (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:34:53.0287 4672        nusb3xhc - ok
11:34:53.0327 4672        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:34:53.0332 4672        nvraid - ok
11:34:53.0357 4672        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:34:53.0367 4672        nvstor - ok
11:34:53.0407 4672        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:34:53.0417 4672        nv_agp - ok
11:34:53.0422 4672        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:34:53.0447 4672        ohci1394 - ok
11:34:53.0472 4672        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:34:53.0497 4672        Parport - ok
11:34:53.0517 4672        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:34:53.0527 4672        partmgr - ok
11:34:53.0537 4672        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:34:53.0547 4672        pci - ok
11:34:53.0562 4672        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:34:53.0572 4672        pciide - ok
11:34:53.0592 4672        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:34:53.0602 4672        pcmcia - ok
11:34:53.0617 4672        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:34:53.0622 4672        pcw - ok
11:34:53.0652 4672        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:34:53.0702 4672        PEAUTH - ok
11:34:53.0777 4672        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:34:53.0817 4672        PptpMiniport - ok
11:34:53.0837 4672        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:34:53.0862 4672        Processor - ok
11:34:53.0897 4672        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:34:53.0937 4672        Psched - ok
11:34:53.0972 4672        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:34:54.0012 4672        ql2300 - ok
11:34:54.0022 4672        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:34:54.0027 4672        ql40xx - ok
11:34:54.0047 4672        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:34:54.0072 4672        QWAVEdrv - ok
11:34:54.0082 4672        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:34:54.0107 4672        RasAcd - ok
11:34:54.0152 4672        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:34:54.0177 4672        RasAgileVpn - ok
11:34:54.0192 4672        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:54.0232 4672        Rasl2tp - ok
11:34:54.0257 4672        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:54.0292 4672        RasPppoe - ok
11:34:54.0317 4672        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:34:54.0362 4672        RasSstp - ok
11:34:54.0387 4672        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:34:54.0422 4672        rdbss - ok
11:34:54.0442 4672        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:34:54.0457 4672        rdpbus - ok
11:34:54.0467 4672        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:54.0492 4672        RDPCDD - ok
11:34:54.0517 4672        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:34:54.0572 4672        RDPDR - ok
11:34:54.0582 4672        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:34:54.0622 4672        RDPENCDD - ok
11:34:54.0647 4672        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:34:54.0677 4672        RDPREFMP - ok
11:34:54.0682 4672        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:34:54.0742 4672        RdpVideoMiniport - ok
11:34:54.0752 4672        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:34:54.0777 4672        RDPWD - ok
11:34:54.0802 4672        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:34:54.0812 4672        rdyboost - ok
11:34:59.0547 4672        ============================================================
11:34:59.0547 4672        Scan finished
11:34:59.0547 4672        ============================================================
11:34:59.0557 3840        Detected object count: 0
11:34:59.0557 3840        Actual detected object count: 0


cosinus 19.02.2012 18:30

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ferrys 21.02.2012 14:14

Sorry that it took a bit longer this time, I had a lot on my plate.


Code:

ComboFix 12-02-19.02 - Ferrys 21.02.2012  13:46:35.1.3 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.4095.2613 [GMT 1:00]
ausgeführt von:: c:\users\Ferrys\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ferrys\AppData\Roaming\RIFT
c:\users\Ferrys\AppData\Roaming\RIFT\rift.cfg
H:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-21 bis 2012-02-21  ))))))))))))))))))))))))))))))
.
.
2012-02-21 12:52 . 2012-02-21 12:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-21 12:24 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{23F0FA33-B690-4D9F-9928-62C604C1CC2F}\mpengine.dll
2012-02-17 10:35 . 2012-02-17 10:35        --------        d-----w-        C:\_OTL
2012-02-16 16:15 . 2012-02-16 16:15        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-02-15 15:42 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 15:42 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-15 15:42 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 15:42 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2012-02-15 15:42 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 15:41 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 15:41 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-15 15:41 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-14 17:54 . 2012-02-14 17:54        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-14 17:54 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-13 19:35 . 2012-02-13 19:34        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-13 19:34 . 2012-02-13 19:34        --------        d-----w-        c:\program files\Java
2012-02-13 17:39 . 2012-02-13 17:39        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\Malwarebytes
2012-02-13 17:39 . 2012-02-13 17:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-11 23:11 . 2012-02-11 23:11        --------        d-----w-        C:\Sandbox
2012-02-11 23:07 . 2012-02-13 19:17        --------        d-----w-        c:\program files\Sandboxie
2012-02-11 22:48 . 2012-02-11 23:03        --------        d-----w-        c:\users\Ferrys\VirtualBox VMs
2012-02-11 22:47 . 2012-02-11 23:03        --------        d-----w-        c:\users\Ferrys\.VirtualBox
2012-02-11 22:45 . 2011-12-19 12:45        224048        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2012-02-11 22:45 . 2011-12-19 12:45        130864        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2012-02-07 16:27 . 2012-02-07 16:27        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\Lexicon PCM Native
2012-02-07 16:26 . 2012-02-07 16:26        --------        dc-h--w-        c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
2012-02-06 16:19 . 2012-02-06 16:19        --------        d-----w-        c:\users\Ferrys\AppData\Local\FalloutNV
2012-02-04 09:45 . 2012-02-04 09:45        --------        d-----w-        c:\programdata\ATI
2012-02-04 09:45 . 2012-02-04 09:45        --------        d-----w-        c:\program files (x86)\AMD APP
2012-02-04 09:39 . 2012-02-04 09:39        --------        d-----w-        C:\AMD
2012-02-03 14:20 . 2012-02-03 14:25        --------        d-----w-        c:\programdata\Ubisoft
2012-02-03 13:53 . 2012-02-03 13:53        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-02-03 13:53 . 2012-02-03 13:53        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-02-03 13:53 . 2012-02-03 13:53        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\PunkBuster
2012-02-03 13:43 . 2012-02-03 13:52        --------        d-----w-        c:\program files (x86)\Ubisoft
2012-02-03 06:02 . 2012-02-03 06:21        --------        d-----w-        c:\program files (x86)\TeamViewer
2012-01-31 17:53 . 2012-01-31 17:53        --------        d-----w-        c:\programdata\iZotope
2012-01-29 19:21 . 2012-01-29 19:21        --------        d-----w-        c:\program files (x86)\FXpansion
2012-01-29 19:21 . 2012-01-29 19:25        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\FXpansion
2012-01-29 11:31 . 2012-01-29 11:31        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\runic games
2012-01-28 11:30 . 2012-01-28 11:30        --------        d-----w-        c:\users\Ferrys\AppData\Local\Funcom
2012-01-27 22:00 . 2012-01-27 22:00        --------        d-----w-        c:\users\Ferrys\AppData\Local\CrashRpt
2012-01-26 19:48 . 2012-01-26 19:51        --------        d-----w-        c:\users\Ferrys\AppData\Roaming\Line 6
2012-01-26 19:48 . 2012-01-26 19:48        --------        d-----w-        c:\programdata\Line 6
2012-01-26 19:48 . 2012-01-26 19:48        --------        d-----w-        c:\program files\Common Files\Propellerhead Software
2012-01-26 19:26 . 2012-01-26 19:29        --------        d-----w-        c:\programdata\Camel Audio
2012-01-26 09:42 . 2012-01-26 09:42        --------        d-----w-        c:\program files\jBridge
2012-01-26 09:20 . 2012-01-26 09:20        --------        d-----w-        c:\programdata\Waves Audio
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 16:30 . 2011-06-20 16:58        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-16 16:15 . 2011-06-20 16:54        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-01-29 04:10 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-19 16:45 . 2012-01-19 16:38        286208        ----a-w-        c:\windows\SysWow64\Xbinkw32.dll
2012-01-02 15:26 . 2012-01-02 17:06        258352        ----a-w-        c:\windows\SysWow64\unicows.dll
2011-12-19 12:45 . 2011-12-19 12:45        146736        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-06 03:45 . 2011-12-06 03:45        10720256        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18        25371136        ----a-w-        c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17        778752        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2009-12-11 07:34        933888        ----a-w-        c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12        494080        ----a-w-        c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11        235520        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10        360448        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06        6159872        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56        19125760        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-12-11 07:31        7520768        ----a-w-        c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39        4072960        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34        13738496        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33        5919232        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29        11484672        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28        4206592        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24        7511040        ----a-w-        c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-06-20 16:39        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13        509952        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        356352        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        327168        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2009-12-11 06:50        42496        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11        33280        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11        39936        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11        29696        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04        69632        ----a-w-        c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04        59904        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03        61952        ----a-w-        c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03        54784        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03        17580544        ----a-w-        c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03        14499328        ----a-w-        c:\windows\SysWow64\amdocl.dll
2011-11-25 17:41 . 2011-11-25 17:41        2892        ----a-w-        c:\windows\SysWow64\audcon.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-21 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"combofix"="c:\combofix\CF14751.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ferrys\AppData\Roaming\Mozilla\Firefox\Profiles\a1ltm1yf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6} - c:\programdata\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.exe
AddRemove-{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F} - c:\programdata\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}\Maschine Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-21  14:07:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-21 13:07
.
Vor Suchlauf: 12 Verzeichnis(se), 377.975.558.144 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 377.459.965.952 Bytes frei
.
- - End Of File - - 887C5F8879551483EFDB804FE1921F87


