Trojaner-Board (https://www.trojaner-board.de/)
Windows 7 Pro encryption trojan (https://www.trojaner-board.de/125502-windows-7-pro-verschluesselungstrojaner.html)

Bong 11.10.2012 10:14

Windows 7 Pro encryption trojan

Hello,

unfortunately I have caught the encryption trojan, and since then practically nothing works anymore.
How should I proceed to get the PC clean again?
Since today I no longer have internet access in Safe Mode, which worked without problems before. It cannot be the network, because I am using exactly this network right now with the laptop.

Many thanks in advance,
Bong

cosinus 11.10.2012 18:15

Please make an OTL log. If at all possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL from Oldtimer and save it on your desktop. If it is already present, please replace the older existing file with the newly downloaded file so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Bong 12.10.2012 18:16

Hello, here is the OTL report:

OTL Logfile:
Code:

OTL logfile created on: 12/10/2012 18:59:46 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000140C | Country: Luxembourg | Language: FRL | Date Format: dd/MM/yyyy
 
3,43 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 87,86% Memory free
6,87 Gb Paging File | 6,48 Gb Available in Paging File | 94,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 124,75 Gb Free Space | 41,89% Space Free | Partition Type: NTFS
 
Computer Name: STATION01 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012/09/19 15:26:15 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 10:44:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 10:44:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/17 16:59:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/14 00:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/04 23:46:40 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 23:46:38 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/23 16:16:12 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Stopped] -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/09 10:44:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 10:44:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/07/02 14:21:18 | 010,993,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/01/12 16:24:00 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/12/10 09:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 23:50:46 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2003/07/11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lu/
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 34 61 90 16 CF CA 01  [binary data]
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes,DefaultScope = {9009733B-8683-4B13-9C08-5B4378D967C8}
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{9009733B-8683-4B13-9C08-5B4378D967C8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/19 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/05/02 03:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions
[2012/03/15 12:57:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/25 14:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/19 15:26:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/19 15:26:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/19 15:26:14 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [SMBHelper] C:\Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe ()
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D81D153-0A2A-41E5-8E83-621BFAD54993}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/12 18:56:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/21 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\hellomoto
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/12 18:58:28 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 18:58:28 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/12 18:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 18:53:38 | 2765,991,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 18:51:49 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/21 15:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/21 15:16:37 | 000,001,105 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/09/21 12:40:50 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 12:40:50 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 01:29:40 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/18 23:36:09 | 001,471,414 | ---- | M] () -- C:\Users\User\Documents\IMG_1673.JPG
[2012/09/18 15:00:16 | 001,787,235 | ---- | M] () -- C:\Users\User\Documents\IMG_1746.JPG
[2012/09/18 15:00:12 | 001,854,024 | ---- | M] () -- C:\Users\User\Documents\IMG_1745.JPG
[2012/09/18 15:00:05 | 001,830,059 | ---- | M] () -- C:\Users\User\Documents\IMG_1744.JPG
[2012/09/18 15:00:04 | 001,923,849 | ---- | M] () -- C:\Users\User\Documents\IMG_1743.JPG
[2012/09/18 15:00:00 | 001,935,569 | ---- | M] () -- C:\Users\User\Documents\IMG_1742.JPG
[2012/09/18 14:54:51 | 001,657,945 | ---- | M] () -- C:\Users\User\Documents\IMG_1741.JPG
[2012/09/18 14:54:37 | 001,244,727 | ---- | M] () -- C:\Users\User\Documents\IMG_1740.JPG
[2012/09/18 14:54:35 | 001,274,171 | ---- | M] () -- C:\Users\User\Documents\IMG_1739.JPG
[2012/09/18 14:35:16 | 001,505,575 | ---- | M] () -- C:\Users\User\Documents\IMG_1738.JPG
[2012/09/18 14:35:15 | 001,553,175 | ---- | M] () -- C:\Users\User\Documents\IMG_1737.JPG
[2012/09/18 14:35:07 | 001,687,218 | ---- | M] () -- C:\Users\User\Documents\IMG_1736.JPG
[2012/09/18 14:32:21 | 001,992,984 | ---- | M] () -- C:\Users\User\Documents\IMG_1734.JPG
[2012/09/18 14:32:19 | 001,966,867 | ---- | M] () -- C:\Users\User\Documents\IMG_1733.JPG
[2012/09/18 14:32:15 | 001,948,377 | ---- | M] () -- C:\Users\User\Documents\IMG_1732.JPG
[2012/09/18 14:32:14 | 001,880,119 | ---- | M] () -- C:\Users\User\Documents\IMG_1731.JPG
[2012/09/18 14:32:05 | 001,828,339 | ---- | M] () -- C:\Users\User\Documents\IMG_1730.JPG
[2012/09/18 14:31:51 | 001,787,871 | ---- | M] () -- C:\Users\User\Documents\IMG_1729.JPG
[2012/09/18 14:31:19 | 001,660,175 | ---- | M] () -- C:\Users\User\Documents\IMG_1728.JPG
[2012/09/18 14:31:16 | 001,627,959 | ---- | M] () -- C:\Users\User\Documents\IMG_1727.JPG
[2012/09/18 14:30:04 | 001,667,076 | ---- | M] () -- C:\Users\User\Documents\IMG_1726.JPG
[2012/09/18 14:26:18 | 001,387,425 | ---- | M] () -- C:\Users\User\Documents\IMG_1725.JPG
[2012/09/18 14:26:16 | 001,404,024 | ---- | M] () -- C:\Users\User\Documents\IMG_1724.JPG
[2012/09/18 14:25:31 | 001,462,537 | ---- | M] () -- C:\Users\User\Documents\IMG_1723.JPG
[2012/09/18 14:25:29 | 001,430,465 | ---- | M] () -- C:\Users\User\Documents\IMG_1722.JPG
[2012/09/18 14:25:25 | 001,454,001 | ---- | M] () -- C:\Users\User\Documents\IMG_1721.JPG
[2012/09/16 17:24:41 | 001,759,712 | ---- | M] () -- C:\Users\User\Documents\IMG_1719.JPG
[2012/09/16 17:20:15 | 002,709,638 | ---- | M] () -- C:\Users\User\Documents\IMG_1718.JPG
[2012/09/16 17:10:56 | 002,550,431 | ---- | M] () -- C:\Users\User\Documents\IMG_1717.JPG
[2012/09/16 17:04:15 | 001,690,212 | ---- | M] () -- C:\Users\User\Documents\IMG_1716.JPG
[2012/09/16 13:36:43 | 001,761,504 | ---- | M] () -- C:\Users\User\Documents\IMG_1715.JPG
[2012/09/16 13:35:19 | 001,660,314 | ---- | M] () -- C:\Users\User\Documents\IMG_1714.JPG
[2012/09/16 13:21:41 | 000,925,351 | ---- | M] () -- C:\Users\User\Documents\IMG_1713.JPG
[2012/09/16 13:21:31 | 001,566,553 | ---- | M] () -- C:\Users\User\Documents\IMG_1712.JPG
[2012/09/16 12:06:23 | 002,019,683 | ---- | M] () -- C:\Users\User\Documents\IMG_1711.JPG
[2012/09/15 19:01:47 | 022,575,690 | ---- | M] () -- C:\Users\User\Documents\IMG_1693.MOV
[2012/09/15 16:32:59 | 128,400,393 | ---- | M] () -- C:\Users\User\Documents\IMG_1692.MOV
[2012/09/15 16:29:46 | 045,910,042 | ---- | M] () -- C:\Users\User\Documents\IMG_1691.MOV
[2012/09/15 16:28:55 | 027,496,376 | ---- | M] () -- C:\Users\User\Documents\IMG_1690.MOV
[2012/09/15 16:03:58 | 053,115,200 | ---- | M] () -- C:\Users\User\Documents\IMG_1689.MOV
[2012/09/15 15:43:18 | 081,584,599 | ---- | M] () -- C:\Users\User\Documents\IMG_1688.MOV
[2012/09/15 12:21:04 | 029,618,847 | ---- | M] () -- C:\Users\User\Documents\IMG_1687.MOV
[2012/09/14 20:50:19 | 001,222,367 | ---- | M] () -- C:\Users\User\Documents\IMG_1685.JPG
[2012/09/14 16:58:48 | 052,675,465 | ---- | M] () -- C:\Users\User\Documents\IMG_1683.MOV
[2012/09/14 16:58:00 | 018,497,900 | ---- | M] () -- C:\Users\User\Documents\IMG_1682.MOV
[2012/09/14 16:36:03 | 001,630,410 | ---- | M] () -- C:\Users\User\Documents\IMG_1681.JPG
[2012/09/14 16:35:58 | 001,641,200 | ---- | M] () -- C:\Users\User\Documents\IMG_1680.JPG
[2012/09/14 16:35:51 | 001,678,798 | ---- | M] () -- C:\Users\User\Documents\IMG_1679.JPG
[2012/09/14 16:35:40 | 001,938,783 | ---- | M] () -- C:\Users\User\Documents\IMG_1678.JPG
[2012/09/14 16:35:36 | 002,035,388 | ---- | M] () -- C:\Users\User\Documents\IMG_1677.JPG
[2012/09/14 16:28:14 | 001,915,754 | ---- | M] () -- C:\Users\User\Documents\IMG_1676.JPG
[2012/09/14 16:28:07 | 002,116,019 | ---- | M] () -- C:\Users\User\Documents\IMG_1675.JPG
[2012/09/14 16:28:05 | 002,195,733 | ---- | M] () -- C:\Users\User\Documents\IMG_1674.JPG
[2012/09/14 16:14:29 | 001,729,643 | ---- | M] () -- C:\Users\User\Documents\IMG_1672.JPG
[2012/09/14 15:01:13 | 001,299,658 | ---- | M] () -- C:\Users\User\Documents\IMG_1671.JPG
[2012/09/13 18:45:38 | 001,462,831 | ---- | M] () -- C:\Users\User\Documents\IMG_1670.JPG
 
========== Files Created - No Company Name ==========
 
[2012/09/18 23:51:43 | 001,923,849 | ---- | C] () -- C:\Users\User\Documents\IMG_1743.JPG
[2012/09/18 23:51:43 | 001,854,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1745.JPG
[2012/09/18 23:51:43 | 001,830,059 | ---- | C] () -- C:\Users\User\Documents\IMG_1744.JPG
[2012/09/18 23:51:42 | 001,935,569 | ---- | C] () -- C:\Users\User\Documents\IMG_1742.JPG
[2012/09/18 23:51:42 | 001,687,218 | ---- | C] () -- C:\Users\User\Documents\IMG_1736.JPG
[2012/09/18 23:51:42 | 001,657,945 | ---- | C] () -- C:\Users\User\Documents\IMG_1741.JPG
[2012/09/18 23:51:42 | 001,553,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1737.JPG
[2012/09/18 23:51:42 | 001,505,575 | ---- | C] () -- C:\Users\User\Documents\IMG_1738.JPG
[2012/09/18 23:51:42 | 001,274,171 | ---- | C] () -- C:\Users\User\Documents\IMG_1739.JPG
[2012/09/18 23:51:42 | 001,244,727 | ---- | C] () -- C:\Users\User\Documents\IMG_1740.JPG
[2012/09/18 23:51:41 | 001,992,984 | ---- | C] () -- C:\Users\User\Documents\IMG_1734.JPG
[2012/09/18 23:51:41 | 001,966,867 | ---- | C] () -- C:\Users\User\Documents\IMG_1733.JPG
[2012/09/18 23:51:41 | 001,948,377 | ---- | C] () -- C:\Users\User\Documents\IMG_1732.JPG
[2012/09/18 23:51:41 | 001,880,119 | ---- | C] () -- C:\Users\User\Documents\IMG_1731.JPG
[2012/09/18 23:51:41 | 001,828,339 | ---- | C] () -- C:\Users\User\Documents\IMG_1730.JPG
[2012/09/18 23:51:41 | 001,787,871 | ---- | C] () -- C:\Users\User\Documents\IMG_1729.JPG
[2012/09/18 23:51:41 | 001,660,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1728.JPG
[2012/09/18 23:51:40 | 001,667,076 | ---- | C] () -- C:\Users\User\Documents\IMG_1726.JPG
[2012/09/18 23:51:40 | 001,627,959 | ---- | C] () -- C:\Users\User\Documents\IMG_1727.JPG
[2012/09/18 23:51:40 | 001,462,537 | ---- | C] () -- C:\Users\User\Documents\IMG_1723.JPG
[2012/09/18 23:51:40 | 001,454,001 | ---- | C] () -- C:\Users\User\Documents\IMG_1721.JPG
[2012/09/18 23:51:40 | 001,430,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1722.JPG
[2012/09/18 23:51:40 | 001,404,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1724.JPG
[2012/09/18 23:51:40 | 001,387,425 | ---- | C] () -- C:\Users\User\Documents\IMG_1725.JPG
[2012/09/18 23:51:39 | 001,787,235 | ---- | C] () -- C:\Users\User\Documents\IMG_1746.JPG
[2012/09/18 23:32:59 | 002,709,638 | ---- | C] () -- C:\Users\User\Documents\IMG_1718.JPG
[2012/09/18 23:32:59 | 002,550,431 | ---- | C] () -- C:\Users\User\Documents\IMG_1717.JPG
[2012/09/18 23:32:59 | 001,761,504 | ---- | C] () -- C:\Users\User\Documents\IMG_1715.JPG
[2012/09/18 23:32:59 | 001,690,212 | ---- | C] () -- C:\Users\User\Documents\IMG_1716.JPG
[2012/09/18 23:32:59 | 001,660,314 | ---- | C] () -- C:\Users\User\Documents\IMG_1714.JPG
[2012/09/18 23:32:58 | 002,019,683 | ---- | C] () -- C:\Users\User\Documents\IMG_1711.JPG
[2012/09/18 23:32:58 | 001,566,553 | ---- | C] () -- C:\Users\User\Documents\IMG_1712.JPG
[2012/09/18 23:32:58 | 000,925,351 | ---- | C] () -- C:\Users\User\Documents\IMG_1713.JPG
[2012/09/18 23:32:57 | 022,575,690 | ---- | C] () -- C:\Users\User\Documents\IMG_1693.MOV
[2012/09/18 23:32:47 | 128,400,393 | ---- | C] () -- C:\Users\User\Documents\IMG_1692.MOV
[2012/09/18 23:32:45 | 045,910,042 | ---- | C] () -- C:\Users\User\Documents\IMG_1691.MOV
[2012/09/18 23:32:43 | 027,496,376 | ---- | C] () -- C:\Users\User\Documents\IMG_1690.MOV
[2012/09/18 23:32:39 | 053,115,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1689.MOV
[2012/09/18 23:32:28 | 081,584,599 | ---- | C] () -- C:\Users\User\Documents\IMG_1688.MOV
[2012/09/18 23:32:26 | 029,618,847 | ---- | C] () -- C:\Users\User\Documents\IMG_1687.MOV
[2012/09/18 23:32:26 | 001,222,367 | ---- | C] () -- C:\Users\User\Documents\IMG_1685.JPG
[2012/09/18 23:32:22 | 052,675,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1683.MOV
[2012/09/18 23:32:21 | 018,497,900 | ---- | C] () -- C:\Users\User\Documents\IMG_1682.MOV
[2012/09/18 23:32:21 | 001,630,410 | ---- | C] () -- C:\Users\User\Documents\IMG_1681.JPG
[2012/09/18 23:32:20 | 002,116,019 | ---- | C] () -- C:\Users\User\Documents\IMG_1675.JPG
[2012/09/18 23:32:20 | 002,035,388 | ---- | C] () -- C:\Users\User\Documents\IMG_1677.JPG
[2012/09/18 23:32:20 | 001,938,783 | ---- | C] () -- C:\Users\User\Documents\IMG_1678.JPG
[2012/09/18 23:32:20 | 001,915,754 | ---- | C] () -- C:\Users\User\Documents\IMG_1676.JPG
[2012/09/18 23:32:20 | 001,678,798 | ---- | C] () -- C:\Users\User\Documents\IMG_1679.JPG
[2012/09/18 23:32:20 | 001,641,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1680.JPG
[2012/09/18 23:32:19 | 002,195,733 | ---- | C] () -- C:\Users\User\Documents\IMG_1674.JPG
[2012/09/18 23:32:19 | 001,759,712 | ---- | C] () -- C:\Users\User\Documents\IMG_1719.JPG
[2012/09/18 23:32:19 | 001,729,643 | ---- | C] () -- C:\Users\User\Documents\IMG_1672.JPG
[2012/09/18 23:32:19 | 001,471,414 | ---- | C] () -- C:\Users\User\Documents\IMG_1673.JPG
[2012/09/18 23:32:19 | 001,462,831 | ---- | C] () -- C:\Users\User\Documents\IMG_1670.JPG
[2012/09/18 23:32:19 | 001,299,658 | ---- | C] () -- C:\Users\User\Documents\IMG_1671.JPG
[2012/05/04 00:57:09 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010/10/22 15:43:31 | 000,000,266 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010/10/22 15:29:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2002/08/26 19:54:44 | 000,327,680 | R--- | C] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Spearit
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Spearit
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2012/09/21 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hellomoto
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2012/08/10 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012/03/12 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avira
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/05/11 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FastStone
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2010/10/24 01:40:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google
[2012/09/21 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hellomoto
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/09/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd
[2010/09/21 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2012/05/12 00:28:15 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2010/10/28 12:48:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nero
[2010/09/30 20:27:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NVIDIA
[2011/07/31 23:19:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
< %APPDATA%\*.exe /s >
[2002/08/26 19:54:44 | 000,327,680 | R--- | M] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
[2010/02/01 03:45:40 | 000,038,784 | ---- | M] () -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_20e36a9a.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_5a9f4086.exe
[2010/09/21 08:26:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


Thanks for the help!

cosinus 12.10.2012 20:23

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
O4 - HKLM..\Run: [SMBHelper] C:\Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
:Files
C:\Users\User\AppData\Local\Microsoft\Windows\4481
C:\Windows\cnerolf.bin
C:\Users\User\AppData\Roaming\hellomoto
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
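As an added example (not from the thread and not OTL's own code), the Python below encodes the checks a helper applies by eye when reading an OTL log like the one above: an O4 autorun in a user's AppData with no company name, O6 UAC policies set to 0, a hidden+system file without a publisher, and a live System32 copy whose MD5 matches none of its winsxs/DriverStore backups. The sample lines are constructed to mirror the log's formats; the DEADBEEF... hash for userinit.exe is a constructed mismatch, and the allowlist of Windows-managed hidden files is an assumption.

```python
"""Triage of OTL log lines, as a helper reads them.

Added example: not part of the thread and not OTL's own code. It flags the
same kinds of entries the fix script above removes.
"""
import re
from dataclasses import dataclass

# One entry of OTL's file listings; company and MD5 are present only in some sections.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD\-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-F]{32}))? -- (?P<path>.+)$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
MD5_HDR_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

UAC_POLICIES = {"EnableLUA", "PromptOnSecureDesktop"}
# Assumed allowlist of hidden+system files Windows itself maintains; extend per environment.
WINDOWS_MANAGED = {"hiberfil.sys", "pagefile.sys", "desktop.ini"}


@dataclass
class Finding:
    rule: str
    detail: str


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_user_appdata(path):
    p = path.lower()
    return "\\users\\" in p and "\\appdata\\" in p


def check_md5_sections(md5_entries):
    """The copy Windows actually runs (System32) should hash like a winsxs/DriverStore backup."""
    out = []
    for name, entries in md5_entries.items():
        live = [h for p, h in entries
                if "\\system32\\" in p.lower() and "\\driverstore\\" not in p.lower()]
        backups = {h for p, h in entries
                   if "\\winsxs\\" in p.lower() or "\\driverstore\\" in p.lower()}
        for h in live:
            if backups and h not in backups:
                out.append(Finding("md5-unbacked",
                                   f"{name}: live copy {h} matches no winsxs/DriverStore copy"))
    return out


def triage(lines):
    findings = []
    md5_section = None   # file named by the current "< MD5 for: X >" block, if any
    md5_entries = {}     # name -> [(path, md5), ...]
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MD5_HDR_RE.match(line)
        if m:
            md5_section = m.group("name").lower()
            md5_entries.setdefault(md5_section, [])
            continue
        if line.startswith("<") or line.startswith("=="):
            md5_section = None          # any other section header ends the MD5 block
            continue
        m = O4_RE.match(line)
        if m:
            if in_user_appdata(m.group("path")) and not m.group("company").strip():
                findings.append(Finding("autorun-appdata", f"{m.group('name')} -> {m.group('path')}"))
            continue
        m = O6_RE.match(line)
        if m:
            if m.group("value") in UAC_POLICIES and m.group("data") == "0":
                findings.append(Finding("uac-disabled", f"{m.group('value')} = 0"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        if md5_section and m.group("md5"):
            md5_entries[md5_section].append((m.group("path"), m.group("md5")))
            continue
        attrs, company, path = m.group("attrs"), m.group("company") or "", m.group("path")
        if ("H" in attrs and "S" in attrs and "D" not in attrs
                and not company.strip() and basename(path) not in WINDOWS_MANAGED):
            findings.append(Finding("hidden-system-file", path))
    findings.extend(check_md5_sections(md5_entries))
    return findings


# Constructed sample mirroring the thread's log lines; the userinit.exe System32 hash
# DEADBEEF... is a constructed mismatch, not a value from the log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SMBHelper] C:\Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
========== Files Created - No Company Name ==========
[2012/05/04 00:57:09 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/10/12 18:53:38 | 2765,991,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\hellomoto
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< End of report >
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.rule:20} {f.detail}")
```

Feed it a full OTL.txt with `triage(open("OTL.txt").read().splitlines())`; the MD5 rule only speaks when a file's section lists at least one winsxs or DriverStore copy to compare against.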

Bong 13.10.2012 02:10

Here is the log file from the OTL fix:

Code:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMBHelper deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
========== FILES ==========
C:\Users\User\AppData\Local\Microsoft\Windows\4481 folder moved successfully.
C:\Windows\cnerolf.bin moved successfully.
C:\Users\User\AppData\Roaming\hellomoto folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_030821

Incidentally, the computer was not restarted.

Thanks for the help.

cosinus 13.10.2012 16:10

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know once it has succeeded
5.) Only then turn the virus scanner back on

Bong 14.10.2012 12:02

The upload was successful

cosinus 14.10.2012 18:52

Now please run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older scans with Malwarebytes exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

This is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Bong 14.10.2012 20:41

So, I've just run the Malwarebytes scan; here is the report:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.14.05

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
User :: STATION01 [Administrator]

14/10/2012 21:34:33
mbam-log-2012-10-14 (21-34-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229471
Laufzeit: 3 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the result of the ESET scan:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b5f51e715b022241b74a2ec7e87e2b69
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-14 09:18:27
# local_time=2012-10-14 11:18:27 (+0100, Romance Daylight Time)
# country="Luxembourg"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 18660894 18660894 0 0
# compatibility_mode=5893 16776574 100 94 61610668 102696633 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=384262
# found=3
# cleaned=0
# scan_time=5465
C:\Users\User\AppData\Local\Temp\jar_cache1250724741811364833.tmp        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4224a763-5492f2c0        a variant of Win32/Kryptik.AMLT trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10132012_030821\C_Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe        a variant of Win32/Kryptik.AMLT trojan (unable to clean)        00000000000000000000000000000000        I

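The ESET log above has a `# key=value` header followed by one line per detection (path, verdict, digest, flag). As an added example that is not from the thread or from ESET, this Python parser pulls out both parts, cross-checks the `found`/`cleaned` counters against the detection lines, and separates files already sitting in OTL's quarantine folder (`C:\_OTL\MovedFiles`, visible in the post) from files still in place. The sample log is constructed from the entries in the post; tab-separated fields are an assumption, since the board renders them as runs of spaces, so the parser accepts both.

```python
"""Parse an ESET Online Scanner log like the one posted above and check whether the
scan actually cleaned anything.  Added example, not part of the thread or of ESET's
tooling; SAMPLE_LOG is constructed from the post, tab separation is assumed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# OTL moves the files it removes into this folder (path visible in the post), so a
# detection below it is an already-quarantined file rather than an active one.
OTL_QUARANTINE = "C:\\_OTL\\MovedFiles\\"

SAMPLE_LOG = (
    "ESETSmartInstaller@High as CAB hook log:\n"
    "OnlineScanner.ocx - registred OK\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# scanned=384262\n"
    "# found=3\n"
    "# cleaned=0\n"
    "C:\\Users\\User\\AppData\\Local\\Temp\\jar_cache1250724741811364833.tmp\t"
    "multiple threats (unable to clean)\t00000000000000000000000000000000\tI\n"
    "C:\\Users\\User\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\35\\"
    "4224a763-5492f2c0\ta variant of Win32/Kryptik.AMLT trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\_OTL\\MovedFiles\\10132012_030821\\C_Users\\User\\AppData\\Local\\Microsoft\\"
    "Windows\\4481\\SMBHelper.exe\ta variant of Win32/Kryptik.AMLT trojan "
    "(unable to clean)\t00000000000000000000000000000000\tI\n"
)


@dataclass
class Detection:
    path: str
    threat: str     # ESET's verdict text, e.g. "a variant of ... (unable to clean)"
    digest: str     # all zeros in the post: nothing was cleaned
    flag: str

    @property
    def cleaned(self) -> bool:
        return "unable to clean" not in self.threat.lower()

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(OTL_QUARANTINE.lower())


@dataclass
class EsetReport:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


FIELD_SEP = re.compile(r"\t+| {2,}")                 # tabs, or the board's space runs
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
FAMILY = re.compile(r"[A-Za-z0-9]+/[A-Za-z0-9_.]+")  # e.g. Win32/Kryptik.AMLT


def family_of(threat: str) -> str:
    """Reduce ESET's verbose verdict to the detection name, or to the plain
    wording ('multiple threats') when no name is given."""
    m = FAMILY.search(threat)
    return m.group(0) if m else threat.split(" (")[0]


def parse_eset_log(text: str) -> EsetReport:
    report = EsetReport()
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:                      # repeated keys (compatibility_mode) keep the last
                report.header[key.strip()] = value.strip()
            continue
        parts = FIELD_SEP.split(line)
        if len(parts) >= 4 and DRIVE_PATH.match(parts[0]):
            report.detections.append(Detection(*parts[:4]))
        # anything else (installer chatter without a drive path) is ignored
    return report


def summarize(report: EsetReport) -> Dict[str, object]:
    """Cross-check the header counters against the detection lines and decide
    whether a second run with removal enabled is still needed."""
    found = int(report.header.get("found", "0"))
    cleaned = int(report.header.get("cleaned", "0"))
    remove_checked = report.header.get("remove_checked") == "true"
    uncleaned = [d for d in report.detections if not d.cleaned]
    return {
        "finished": report.header.get("end") == "finished",
        "counts_consistent": found == len(report.detections),
        "uncleaned_paths": [d.path for d in uncleaned],
        "quarantined_paths": [d.path for d in uncleaned if d.quarantined],
        "active_paths": [d.path for d in uncleaned if not d.quarantined],
        "threat_families": sorted({family_of(d.threat) for d in report.detections}),
        # found > cleaned with removal unchecked: the scan only reported, it fixed nothing
        "needs_cleanup_run": found > cleaned and not remove_checked,
    }
```

Run on the posted log it reports three uncleaned detections, one of them already in OTL's quarantine, and flags that the scan was report-only (`remove_checked=false`), which is why `cleaned=0`.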

cosinus 15.10.2012 10:50

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are also listed in the Logs tab. Please post all of the ones visible there.

Please post everything here in CODE tags if at all possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Bong 16.10.2012 10:55

No, I have never used Malwarebytes before.

cosinus 17.10.2012 11:30

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded in the past, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner[Rx].txt. (x = sequential number)

Bong 18.10.2012 00:03

So, here is the text from adwcleaner:

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 00:59:54
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : User - STATION01
# Boot Mode : Safe mode
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [945 octets] - [18/10/2012 00:59:54]

########## EOF - C:\AdwCleaner[R1].txt - [1004 octets] ##########

cosinus 18.10.2012 09:59

The logs in CODE tags, please! :kloppen:

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner[Sx].txt. (x = sequential number)

Bong 18.10.2012 12:44

Here you go:

Code:

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 13:03:31
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : User - STATION01
# Boot Mode : Safe mode
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [1073 octets] - [18/10/2012 00:59:54]
AdwCleaner[S1].txt - [858 octets] - [18/10/2012 13:03:31]

########## EOF - C:\AdwCleaner[S1].txt - [917 octets] ##########


cosinus 18.10.2012 12:56

I have two questions before we go on (we're not done yet!)

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Bong 18.10.2012 16:19

Well, the computer boots completely normally, and there is nothing unusual in the Start menu either. Apart from OTL, adw etc. the desktop is exactly as before.
All files, folders etc. are there, and programs start as usual.

cosinus 18.10.2012 16:20

Please run a (new) CustomScan with OTL - post the log from it here in CODE tags if at all possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Please download OTL from Oldtimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Bong 18.10.2012 16:42

Should I do this in Safe Mode or normally?

So, I've now run the scan in normal mode:

OTL Logfile:
Code:

OTL logfile created on: 18/10/2012 18:45:57 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000140C | Country: Luxembourg | Language: FRL | Date Format: dd/MM/yyyy
 
3,43 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 73,29% Memory free
6,87 Gb Paging File | 5,86 Gb Available in Paging File | 85,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 124,40 Gb Free Space | 41,77% Space Free | Partition Type: NTFS
 
Computer Name: STATION01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/08/09 09:20:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/09 10:44:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 10:44:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 10:44:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/11/14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/26 02:14:10 | 000,053,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LBTWiz.exe
PRC - [2010/06/22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/06/14 00:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2009/11/04 23:46:40 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 23:46:38 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/04 23:46:30 | 001,098,264 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/23 16:16:12 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/11 13:50:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/08/11 13:50:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/12 12:39:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 12:39:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 12:39:53 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 12:39:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2009/05/18 10:55:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/05/18 10:55:44 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/05/18 10:55:44 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/09/19 15:26:15 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/08 12:25:03 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 10:44:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 10:44:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/17 16:59:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/14 00:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/04 23:46:40 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 23:46:38 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/23 16:16:12 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/09 10:44:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 10:44:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/07/02 14:21:18 | 010,993,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/01/12 16:24:00 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/12/10 09:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 23:50:46 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2003/07/11 15:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lu/
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 34 61 90 16 CF CA 01  [binary data]
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes,DefaultScope = {9009733B-8683-4B13-9C08-5B4378D967C8}
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{9009733B-8683-4B13-9C08-5B4378D967C8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/19 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/05/02 03:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions
[2012/03/15 12:57:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/25 14:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/19 15:26:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/19 15:26:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/19 15:26:14 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/10/13 03:08:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D81D153-0A2A-41E5-8E83-621BFAD54993}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8da25799-3b42-11df-a0ee-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/18 17:16:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BMW
[2012/10/14 21:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/14 21:33:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/10/14 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/14 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/14 21:33:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/14 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/14 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Diagnostics
[2012/10/13 03:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/12 18:56:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/19 01:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/18 18:48:27 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:48:27 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:45:33 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/18 18:45:33 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/18 18:41:15 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 18:41:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 18:41:06 | 2765,991,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 13:24:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 13:07:02 | 000,538,941 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/10/14 21:33:09 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/13 03:08:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/12 17:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/21 15:16:37 | 000,001,105 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/09/19 01:29:40 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/18 23:36:09 | 001,471,414 | ---- | M] () -- C:\Users\User\Documents\IMG_1673.JPG
 
========== Files Created - No Company Name ==========
 
[2012/10/17 13:06:43 | 000,538,941 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/10/14 21:33:09 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 23:51:43 | 001,923,849 | ---- | C] () -- C:\Users\User\Documents\IMG_1743.JPG
[2012/09/18 23:51:43 | 001,854,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1745.JPG
[2012/09/18 23:51:43 | 001,830,059 | ---- | C] () -- C:\Users\User\Documents\IMG_1744.JPG
[2012/09/18 23:51:42 | 001,935,569 | ---- | C] () -- C:\Users\User\Documents\IMG_1742.JPG
[2012/09/18 23:51:42 | 001,687,218 | ---- | C] () -- C:\Users\User\Documents\IMG_1736.JPG
[2012/09/18 23:51:42 | 001,657,945 | ---- | C] () -- C:\Users\User\Documents\IMG_1741.JPG
[2012/09/18 23:51:42 | 001,553,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1737.JPG
[2012/09/18 23:51:42 | 001,505,575 | ---- | C] () -- C:\Users\User\Documents\IMG_1738.JPG
[2012/09/18 23:51:42 | 001,274,171 | ---- | C] () -- C:\Users\User\Documents\IMG_1739.JPG
[2012/09/18 23:51:42 | 001,244,727 | ---- | C] () -- C:\Users\User\Documents\IMG_1740.JPG
[2012/09/18 23:51:41 | 001,992,984 | ---- | C] () -- C:\Users\User\Documents\IMG_1734.JPG
[2012/09/18 23:51:41 | 001,966,867 | ---- | C] () -- C:\Users\User\Documents\IMG_1733.JPG
[2012/09/18 23:51:41 | 001,948,377 | ---- | C] () -- C:\Users\User\Documents\IMG_1732.JPG
[2012/09/18 23:51:41 | 001,880,119 | ---- | C] () -- C:\Users\User\Documents\IMG_1731.JPG
[2012/09/18 23:51:41 | 001,828,339 | ---- | C] () -- C:\Users\User\Documents\IMG_1730.JPG
[2012/09/18 23:51:41 | 001,787,871 | ---- | C] () -- C:\Users\User\Documents\IMG_1729.JPG
[2012/09/18 23:51:41 | 001,660,175 | ---- | C] () -- C:\Users\User\Documents\IMG_1728.JPG
[2012/09/18 23:51:40 | 001,667,076 | ---- | C] () -- C:\Users\User\Documents\IMG_1726.JPG
[2012/09/18 23:51:40 | 001,627,959 | ---- | C] () -- C:\Users\User\Documents\IMG_1727.JPG
[2012/09/18 23:51:40 | 001,462,537 | ---- | C] () -- C:\Users\User\Documents\IMG_1723.JPG
[2012/09/18 23:51:40 | 001,454,001 | ---- | C] () -- C:\Users\User\Documents\IMG_1721.JPG
[2012/09/18 23:51:40 | 001,430,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1722.JPG
[2012/09/18 23:51:40 | 001,404,024 | ---- | C] () -- C:\Users\User\Documents\IMG_1724.JPG
[2012/09/18 23:51:40 | 001,387,425 | ---- | C] () -- C:\Users\User\Documents\IMG_1725.JPG
[2012/09/18 23:51:39 | 001,787,235 | ---- | C] () -- C:\Users\User\Documents\IMG_1746.JPG
[2012/09/18 23:32:59 | 002,709,638 | ---- | C] () -- C:\Users\User\Documents\IMG_1718.JPG
[2012/09/18 23:32:59 | 002,550,431 | ---- | C] () -- C:\Users\User\Documents\IMG_1717.JPG
[2012/09/18 23:32:59 | 001,761,504 | ---- | C] () -- C:\Users\User\Documents\IMG_1715.JPG
[2012/09/18 23:32:59 | 001,690,212 | ---- | C] () -- C:\Users\User\Documents\IMG_1716.JPG
[2012/09/18 23:32:59 | 001,660,314 | ---- | C] () -- C:\Users\User\Documents\IMG_1714.JPG
[2012/09/18 23:32:58 | 002,019,683 | ---- | C] () -- C:\Users\User\Documents\IMG_1711.JPG
[2012/09/18 23:32:58 | 001,566,553 | ---- | C] () -- C:\Users\User\Documents\IMG_1712.JPG
[2012/09/18 23:32:58 | 000,925,351 | ---- | C] () -- C:\Users\User\Documents\IMG_1713.JPG
[2012/09/18 23:32:57 | 022,575,690 | ---- | C] () -- C:\Users\User\Documents\IMG_1693.MOV
[2012/09/18 23:32:47 | 128,400,393 | ---- | C] () -- C:\Users\User\Documents\IMG_1692.MOV
[2012/09/18 23:32:45 | 045,910,042 | ---- | C] () -- C:\Users\User\Documents\IMG_1691.MOV
[2012/09/18 23:32:43 | 027,496,376 | ---- | C] () -- C:\Users\User\Documents\IMG_1690.MOV
[2012/09/18 23:32:39 | 053,115,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1689.MOV
[2012/09/18 23:32:28 | 081,584,599 | ---- | C] () -- C:\Users\User\Documents\IMG_1688.MOV
[2012/09/18 23:32:26 | 029,618,847 | ---- | C] () -- C:\Users\User\Documents\IMG_1687.MOV
[2012/09/18 23:32:26 | 001,222,367 | ---- | C] () -- C:\Users\User\Documents\IMG_1685.JPG
[2012/09/18 23:32:22 | 052,675,465 | ---- | C] () -- C:\Users\User\Documents\IMG_1683.MOV
[2012/09/18 23:32:21 | 018,497,900 | ---- | C] () -- C:\Users\User\Documents\IMG_1682.MOV
[2012/09/18 23:32:21 | 001,630,410 | ---- | C] () -- C:\Users\User\Documents\IMG_1681.JPG
[2012/09/18 23:32:20 | 002,116,019 | ---- | C] () -- C:\Users\User\Documents\IMG_1675.JPG
[2012/09/18 23:32:20 | 002,035,388 | ---- | C] () -- C:\Users\User\Documents\IMG_1677.JPG
[2012/09/18 23:32:20 | 001,938,783 | ---- | C] () -- C:\Users\User\Documents\IMG_1678.JPG
[2012/09/18 23:32:20 | 001,915,754 | ---- | C] () -- C:\Users\User\Documents\IMG_1676.JPG
[2012/09/18 23:32:20 | 001,678,798 | ---- | C] () -- C:\Users\User\Documents\IMG_1679.JPG
[2012/09/18 23:32:20 | 001,641,200 | ---- | C] () -- C:\Users\User\Documents\IMG_1680.JPG
[2012/09/18 23:32:19 | 002,195,733 | ---- | C] () -- C:\Users\User\Documents\IMG_1674.JPG
[2012/09/18 23:32:19 | 001,759,712 | ---- | C] () -- C:\Users\User\Documents\IMG_1719.JPG
[2012/09/18 23:32:19 | 001,729,643 | ---- | C] () -- C:\Users\User\Documents\IMG_1672.JPG
[2012/09/18 23:32:19 | 001,471,414 | ---- | C] () -- C:\Users\User\Documents\IMG_1673.JPG
[2012/09/18 23:32:19 | 001,462,831 | ---- | C] () -- C:\Users\User\Documents\IMG_1670.JPG
[2012/09/18 23:32:19 | 001,299,658 | ---- | C] () -- C:\Users\User\Documents\IMG_1671.JPG
[2010/10/22 15:43:31 | 000,000,266 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2010/10/22 15:29:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2002/08/26 19:54:44 | 000,327,680 | R--- | C] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Spearit
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Spearit
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2012/08/10 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012/03/12 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avira
[2010/11/24 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2012/05/11 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FastStone
[2012/03/15 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2010/10/24 01:40:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2010/09/21 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/09/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd
[2010/09/21 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech
[2010/03/31 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2012/10/14 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2012/05/12 00:28:15 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012/02/25 14:34:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2010/10/28 12:48:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nero
[2010/09/30 20:27:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NVIDIA
[2011/07/31 23:19:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011/10/19 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyTestBU0
[2010/03/31 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spearit
[2012/02/25 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
 
< %APPDATA%\*.exe /s >
[2002/08/26 19:54:44 | 000,327,680 | R--- | M] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
[2010/02/01 03:45:40 | 000,038,784 | ---- | M] () -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_20e36a9a.exe
[2012/05/10 03:57:53 | 000,007,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_5a9f4086.exe
[2010/09/21 08:26:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 18.10.2012 19:15

Code:

Professional  (Version = 6.1.7600)
(Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)

Windows Prof and CATIA? :wtf:
Is this an office/company PC?

Bong 21.10.2012 13:41

CATIA is a leftover from my time as a mechanical engineering student.
The PC is my private home PC, so neither office nor company.

cosinus 21.10.2012 15:58

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png
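
Once the requested TDSS-Killer report is posted, the first thing a helper does is pick out the entries that did not come back "ok". The following Python script is an added example (not part of this thread and not Kaspersky's code) that parses the report format TDSSKiller writes and separates "ok" entries from warnings and detections; the sample lines are copied from the log posted later in this thread. The function names (`parse_report`, `flagged`, `summarize`) are this example's own.

```python
import re
from collections import Counter

# Sample lines in the TDSSKiller report format, copied from the log posted
# in this thread (a few representative entries only).
SAMPLE_REPORT = r"""
18:54:44.0002 4616  Scan started
18:54:45.0487 4616  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:54:45.0581 4616  1394ohci - ok
18:54:47.0144 4616  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:54:47.0160 4616  Apple Mobile Device - ok
18:54:48.0003 4616  [ B68B7EB9C8652E51654396AED5078E49 ] BBDemon        C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
18:54:51.0191 4616  BBDemon ( UnsignedFile.Multi.Generic ) - warning
18:54:51.0191 4616  BBDemon - detected UnsignedFile.Multi.Generic (1)
18:55:01.0099 4616  msiserver - ok
"""

# "<time> <pid>  [ <MD5> ] <service name> <path>": the service name may contain
# spaces, so the path is recognised by its drive-letter prefix.
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<name> - ok", "<name> ( <class> ) - warning" or "<name> - detected <class> (<n>)"
RESULT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)(?: \( (?P<cls>[^)]+) \))? - "
    r"(?P<verdict>ok|warning|detected (?P<detcls>\S+) \(\d+\))$"
)


def parse_report(text):
    """Map each service/driver name to its MD5, path, final verdict and detection class."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"],
                                  "verdict": None, "class": None}
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # headers, separators, SystemInfo lines
        # Services without a file on disk (e.g. msiserver) only have a result line.
        entry = entries.setdefault(m["name"], {"md5": None, "path": None,
                                               "verdict": None, "class": None})
        verdict = m["verdict"]
        if verdict.startswith("detected"):
            # The "detected" line follows the "warning" line for the same object
            # and is the final verdict.
            entry["verdict"] = "detected"
            entry["class"] = m["detcls"]
        else:
            entry["verdict"] = verdict
            if m["cls"]:
                entry["class"] = m["cls"]
    return entries


def flagged(entries):
    """Entries whose verdict is not 'ok', in name order.

    UnsignedFile.Multi.Generic is TDSSKiller's heuristic for a file without a
    valid digital signature: a prompt to look closer, not a malware verdict,
    which is why such objects are handled with "skip" and the log is posted.
    """
    return {n: e for n, e in sorted(entries.items()) if e["verdict"] != "ok"}


def summarize(entries):
    """Count of entries per final verdict, e.g. {'ok': 3, 'detected': 1}."""
    return dict(Counter(e["verdict"] for e in entries.values()))


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    for name, e in flagged(parsed).items():
        print(f"{name}: {e['verdict']} {e['class']} md5={e['md5']} {e['path']}")
```

Run against a full report (read the file instead of `SAMPLE_REPORT`) it lists only the flagged objects with their hash and path, so a helper can check each one instead of reading hundreds of "ok" lines; the MD5 of a flagged file is what gets looked up before any decision is made.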

Bong 21.10.2012 18:01

I have noticed that I can no longer perform various actions in normal mode without restrictions:
I like to tinker with Microsoft FlightSimulator9, and now I always have to provide "administrator rights" to move folders or files, and when I edit .txt files I can no longer overwrite them ("access denied").

Here is the log:
Code:

18:54:23.0891 3620  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:54:23.0907 3620  ============================================================
18:54:23.0907 3620  Current date / time: 2012/10/21 18:54:23.0907
18:54:23.0907 3620  SystemInfo:
18:54:23.0907 3620 
18:54:23.0907 3620  OS Version: 6.1.7600 ServicePack: 0.0
18:54:23.0907 3620  Product type: Workstation
18:54:23.0907 3620  ComputerName: STATION01
18:54:23.0907 3620  UserName: User
18:54:23.0907 3620  Windows directory: C:\Windows
18:54:23.0907 3620  System windows directory: C:\Windows
18:54:23.0907 3620  Processor architecture: Intel x86
18:54:23.0907 3620  Number of processors: 8
18:54:23.0907 3620  Page size: 0x1000
18:54:23.0907 3620  Boot type: Normal boot
18:54:23.0907 3620  ============================================================
18:54:25.0250 3620  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:25.0266 3620  Drive \Device\Harddisk3\DR5 - Size: 0xEE800000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:25.0266 3620  ============================================================
18:54:25.0266 3620  \Device\Harddisk0\DR0:
18:54:25.0266 3620  MBR partitions:
18:54:25.0266 3620  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8D800
18:54:25.0266 3620  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8E000, BlocksNum 0x253A0000
18:54:25.0266 3620  \Device\Harddisk3\DR5:
18:54:25.0266 3620  MBR partitions:
18:54:25.0266 3620  \Device\Harddisk3\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x772080
18:54:25.0266 3620  ============================================================
18:54:25.0297 3620  C: <-> \Device\Harddisk0\DR0\Partition2
18:54:25.0297 3620  ============================================================
18:54:25.0297 3620  Initialize success
18:54:25.0297 3620  ============================================================
18:54:44.0002 4616  ============================================================
18:54:44.0002 4616  Scan started
18:54:44.0002 4616  Mode: Manual; SigCheck; TDLFS;
18:54:44.0002 4616  ============================================================
18:54:45.0393 4616  ================ Scan system memory ========================
18:54:45.0393 4616  System memory - ok
18:54:45.0393 4616  ================ Scan services =============================
18:54:45.0487 4616  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:54:45.0581 4616  1394ohci - ok
18:54:45.0596 4616  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
18:54:45.0612 4616  ACPI - ok
18:54:45.0627 4616  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
18:54:45.0659 4616  AcpiPmi - ok
18:54:45.0706 4616  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
18:54:45.0737 4616  adp94xx - ok
18:54:45.0752 4616  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
18:54:45.0768 4616  adpahci - ok
18:54:45.0799 4616  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
18:54:45.0831 4616  adpu320 - ok
18:54:45.0846 4616  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
18:54:45.0877 4616  AeLookupSvc - ok
18:54:45.0941 4616  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD            C:\Windows\system32\drivers\afd.sys
18:54:46.0003 4616  AFD - ok
18:54:46.0035 4616  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
18:54:46.0066 4616  agp440 - ok
18:54:46.0082 4616  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
18:54:46.0097 4616  aic78xx - ok
18:54:46.0128 4616  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
18:54:46.0175 4616  ALG - ok
18:54:46.0191 4616  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
18:54:46.0207 4616  aliide - ok
18:54:46.0222 4616  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
18:54:46.0238 4616  amdagp - ok
18:54:46.0253 4616  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
18:54:46.0285 4616  amdide - ok
18:54:46.0300 4616  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
18:54:46.0347 4616  AmdK8 - ok
18:54:46.0363 4616  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:54:46.0394 4616  AmdPPM - ok
18:54:46.0425 4616  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
18:54:46.0441 4616  amdsata - ok
18:54:46.0457 4616  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:54:46.0488 4616  amdsbs - ok
18:54:46.0488 4616  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
18:54:46.0519 4616  amdxata - ok
18:54:46.0613 4616  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:54:46.0628 4616  AntiVirSchedulerService - ok
18:54:46.0660 4616  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:54:46.0675 4616  AntiVirService - ok
18:54:46.0691 4616  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID          C:\Windows\system32\drivers\appid.sys
18:54:46.0832 4616  AppID - ok
18:54:46.0925 4616  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:54:47.0035 4616  AppIDSvc - ok
18:54:47.0050 4616  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo        C:\Windows\System32\appinfo.dll
18:54:47.0066 4616  Appinfo - ok
18:54:47.0144 4616  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:54:47.0160 4616  Apple Mobile Device - ok
18:54:47.0175 4616  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
18:54:47.0238 4616  AppMgmt - ok
18:54:47.0269 4616  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
18:54:47.0285 4616  arc - ok
18:54:47.0300 4616  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:54:47.0332 4616  arcsas - ok
18:54:47.0347 4616  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:47.0378 4616  AsyncMac - ok
18:54:47.0394 4616  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
18:54:47.0394 4616  atapi - ok
18:54:47.0425 4616  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:54:47.0472 4616  AudioEndpointBuilder - ok
18:54:47.0488 4616  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:54:47.0503 4616  Audiosrv - ok
18:54:47.0550 4616  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:54:47.0550 4616  avgntflt - ok
18:54:47.0582 4616  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:54:47.0597 4616  avipbb - ok
18:54:47.0597 4616  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:54:47.0613 4616  avkmgr - ok
18:54:47.0644 4616  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:54:47.0707 4616  AxInstSV - ok
18:54:47.0738 4616  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
18:54:47.0785 4616  b06bdrv - ok
18:54:47.0816 4616  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:54:47.0878 4616  b57nd60x - ok
18:54:48.0003 4616  [ B68B7EB9C8652E51654396AED5078E49 ] BBDemon        C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
18:54:51.0191 4616  BBDemon ( UnsignedFile.Multi.Generic ) - warning
18:54:51.0191 4616  BBDemon - detected UnsignedFile.Multi.Generic (1)
18:54:51.0253 4616  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:54:51.0332 4616  BDESVC - ok
18:54:51.0363 4616  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:54:51.0410 4616  Beep - ok
18:54:51.0441 4616  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE            C:\Windows\System32\bfe.dll
18:54:51.0472 4616  BFE - ok
18:54:51.0488 4616  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
18:54:51.0535 4616  BITS - ok
18:54:51.0550 4616  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:54:51.0582 4616  blbdrive - ok
18:54:51.0691 4616  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:54:51.0691 4616  Bonjour Service - ok
18:54:51.0738 4616  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:54:51.0769 4616  bowser - ok
18:54:51.0785 4616  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:54:51.0816 4616  BrFiltLo - ok
18:54:51.0832 4616  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:54:51.0863 4616  BrFiltUp - ok
18:54:51.0894 4616  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser        C:\Windows\System32\browser.dll
18:54:51.0925 4616  Browser - ok
18:54:51.0972 4616  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
18:54:52.0019 4616  Brserid - ok
18:54:52.0035 4616  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:54:52.0082 4616  BrSerWdm - ok
18:54:52.0097 4616  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:54:52.0128 4616  BrUsbMdm - ok
18:54:52.0144 4616  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:54:52.0175 4616  BrUsbSer - ok
18:54:52.0191 4616  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:54:52.0222 4616  BTHMODEM - ok
18:54:52.0253 4616  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
18:54:52.0285 4616  bthserv - ok
18:54:52.0332 4616  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:54:52.0378 4616  cdfs - ok
18:54:52.0410 4616  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
18:54:52.0441 4616  cdrom - ok
18:54:52.0457 4616  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc    C:\Windows\System32\certprop.dll
18:54:52.0503 4616  CertPropSvc - ok
18:54:52.0519 4616  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:54:52.0550 4616  circlass - ok
18:54:52.0566 4616  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:54:52.0597 4616  CLFS - ok
18:54:52.0660 4616  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:52.0675 4616  clr_optimization_v2.0.50727_32 - ok
18:54:52.0785 4616  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:52.0816 4616  clr_optimization_v4.0.30319_32 - ok
18:54:52.0832 4616  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:52.0863 4616  CmBatt - ok
18:54:52.0878 4616  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
18:54:52.0894 4616  cmdide - ok
18:54:52.0941 4616  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG            C:\Windows\system32\Drivers\cng.sys
18:54:52.0989 4616  CNG - ok
18:54:53.0004 4616  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:54:53.0036 4616  Compbatt - ok
18:54:53.0051 4616  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:54:53.0067 4616  CompositeBus - ok
18:54:53.0067 4616  COMSysApp - ok
18:54:53.0083 4616  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
18:54:53.0098 4616  crcdisk - ok
18:54:53.0145 4616  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:54:53.0176 4616  CryptSvc - ok
18:54:53.0208 4616  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC            C:\Windows\system32\drivers\csc.sys
18:54:53.0286 4616  CSC - ok
18:54:53.0301 4616  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
18:54:53.0333 4616  CscService - ok
18:54:53.0379 4616  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:54:53.0411 4616  DcomLaunch - ok
18:54:53.0426 4616  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
18:54:53.0442 4616  defragsvc - ok
18:54:53.0489 4616  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:54:53.0520 4616  DfsC - ok
18:54:53.0551 4616  [ 31273C758C6DF7FC27B00BE78C7220E9 ] DFUBTUSB        C:\Windows\system32\Drivers\frmupgr.sys
18:54:53.0583 4616  DFUBTUSB - ok
18:54:53.0598 4616  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:54:53.0614 4616  Dhcp - ok
18:54:53.0629 4616  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:54:53.0661 4616  discache - ok
18:54:53.0708 4616  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:54:53.0723 4616  Disk - ok
18:54:53.0754 4616  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:54:53.0786 4616  Dnscache - ok
18:54:53.0801 4616  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc        C:\Windows\System32\dot3svc.dll
18:54:53.0864 4616  dot3svc - ok
18:54:53.0895 4616  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS            C:\Windows\system32\dps.dll
18:54:53.0926 4616  DPS - ok
18:54:53.0958 4616  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
18:54:53.0973 4616  drmkaud - ok
18:54:54.0020 4616  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
18:54:54.0051 4616  DXGKrnl - ok
18:54:54.0083 4616  [ A13F07A0422E4A04E7FF6F6F3B05E729 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
18:54:54.0114 4616  e1kexpress - ok
18:54:54.0129 4616  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
18:54:54.0161 4616  EapHost - ok
18:54:54.0239 4616  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
18:54:54.0348 4616  ebdrv - ok
18:54:54.0379 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS            C:\Windows\System32\lsass.exe
18:54:54.0426 4616  EFS - ok
18:54:54.0489 4616  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
18:54:54.0536 4616  ehRecvr - ok
18:54:54.0551 4616  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
18:54:54.0614 4616  ehSched - ok
18:54:54.0629 4616  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
18:54:54.0676 4616  elxstor - ok
18:54:54.0692 4616  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
18:54:54.0723 4616  ErrDev - ok
18:54:54.0754 4616  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
18:54:54.0786 4616  EventSystem - ok
18:54:54.0817 4616  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
18:54:54.0848 4616  exfat - ok
18:54:54.0864 4616  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
18:54:54.0895 4616  fastfat - ok
18:54:54.0911 4616  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax            C:\Windows\system32\fxssvc.exe
18:54:54.0942 4616  Fax - ok
18:54:54.0958 4616  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
18:54:54.0989 4616  fdc - ok
18:54:55.0004 4616  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
18:54:55.0020 4616  fdPHost - ok
18:54:55.0036 4616  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:54:55.0067 4616  FDResPub - ok
18:54:55.0098 4616  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:54:55.0129 4616  FileInfo - ok
18:54:55.0129 4616  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
18:54:55.0161 4616  Filetrace - ok
18:54:55.0192 4616  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:54:55.0223 4616  flpydisk - ok
18:54:55.0254 4616  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:54:55.0270 4616  FltMgr - ok
18:54:55.0317 4616  [ 7FE4995528A7529A761875151EE3D512 ] FontCache      C:\Windows\system32\FntCache.dll
18:54:55.0364 4616  FontCache - ok
18:54:55.0395 4616  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:54:55.0426 4616  FontCache3.0.0.0 - ok
18:54:55.0442 4616  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
18:54:55.0458 4616  FsDepends - ok
18:54:55.0504 4616  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:54:55.0504 4616  Fs_Rec - ok
18:54:55.0551 4616  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:54:55.0583 4616  fvevol - ok
18:54:55.0614 4616  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:54:55.0629 4616  gagp30kx - ok
18:54:55.0676 4616  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:54:55.0692 4616  GEARAspiWDM - ok
18:54:55.0723 4616  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc          C:\Windows\System32\gpsvc.dll
18:54:55.0754 4616  gpsvc - ok
18:54:55.0879 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
18:54:55.0895 4616  gupdate - ok
18:54:55.0895 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:54:55.0911 4616  gupdatem - ok
18:54:55.0973 4616  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:54:55.0973 4616  gusvc - ok
18:54:56.0004 4616  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:54:56.0036 4616  hcw85cir - ok
18:54:56.0067 4616  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:54:56.0098 4616  HdAudAddService - ok
18:54:56.0114 4616  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:54:56.0129 4616  HDAudBus - ok
18:54:56.0161 4616  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
18:54:56.0192 4616  HECI - ok
18:54:56.0208 4616  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
18:54:56.0254 4616  HidBatt - ok
18:54:56.0270 4616  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:54:56.0301 4616  HidBth - ok
18:54:56.0333 4616  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
18:54:56.0364 4616  HidIr - ok
18:54:56.0395 4616  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
18:54:56.0411 4616  hidserv - ok
18:54:56.0442 4616  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:54:56.0473 4616  HidUsb - ok
18:54:56.0504 4616  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:54:56.0536 4616  hkmsvc - ok
18:54:56.0551 4616  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:54:56.0614 4616  HomeGroupListener - ok
18:54:56.0629 4616  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:54:56.0661 4616  HomeGroupProvider - ok
18:54:56.0676 4616  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
18:54:56.0708 4616  HpSAMD - ok
18:54:56.0739 4616  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:54:56.0786 4616  HTTP - ok
18:54:56.0817 4616  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:54:56.0833 4616  hwpolicy - ok
18:54:56.0848 4616  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:54:56.0895 4616  i8042prt - ok
18:54:56.0958 4616  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
18:54:56.0989 4616  iaStorV - ok
18:54:57.0114 4616  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:54:57.0129 4616  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0129 4616  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:54:57.0176 4616  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:54:57.0223 4616  idsvc - ok
18:54:57.0364 4616  [ 678B92645258162C9A81F3CC874CFF43 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:54:57.0551 4616  igfx ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0551 4616  igfx - detected UnsignedFile.Multi.Generic (1)
18:54:57.0567 4616  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
18:54:57.0583 4616  iirsp - ok
18:54:57.0614 4616  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:54:57.0645 4616  IKEEXT - ok
18:54:57.0739 4616  [ 810AD686E0C342817B24A631F734850C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:54:57.0848 4616  IntcAzAudAddService - ok
18:54:57.0864 4616  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:54:57.0895 4616  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
18:54:57.0895 4616  IntcDAud - detected UnsignedFile.Multi.Generic (1)
18:54:57.0911 4616  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
18:54:57.0942 4616  intelide - ok
18:54:57.0958 4616  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:54:57.0989 4616  intelppm - ok
18:54:58.0004 4616  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
18:54:58.0051 4616  IPBusEnum - ok
18:54:58.0083 4616  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:54:58.0129 4616  IpFilterDriver - ok
18:54:58.0161 4616  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:54:58.0192 4616  iphlpsvc - ok
18:54:58.0208 4616  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:54:58.0254 4616  IPMIDRV - ok
18:54:58.0270 4616  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
18:54:58.0317 4616  IPNAT - ok
18:54:58.0379 4616  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:54:58.0395 4616  iPod Service - ok
18:54:58.0411 4616  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:54:58.0442 4616  IRENUM - ok
18:54:58.0473 4616  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
18:54:58.0489 4616  isapnp - ok
18:54:58.0504 4616  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:54:58.0536 4616  iScsiPrt - ok
18:54:58.0551 4616  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:54:58.0583 4616  kbdclass - ok
18:54:58.0598 4616  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:54:58.0629 4616  kbdhid - ok
18:54:58.0629 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
18:54:58.0645 4616  KeyIso - ok
18:54:58.0676 4616  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:54:58.0708 4616  KSecDD - ok
18:54:58.0723 4616  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
18:54:58.0754 4616  KSecPkg - ok
18:54:58.0786 4616  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
18:54:58.0833 4616  KtmRm - ok
18:54:58.0879 4616  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:54:58.0926 4616  LanmanServer - ok
18:54:58.0942 4616  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:54:58.0958 4616  LanmanWorkstation - ok
18:54:59.0083 4616  [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:54:59.0098 4616  LBTServ - ok
18:54:59.0114 4616  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:54:59.0129 4616  LHidFilt - ok
18:54:59.0176 4616  [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:54:59.0208 4616  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:54:59.0208 4616  LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:54:59.0239 4616  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:54:59.0286 4616  lltdio - ok
18:54:59.0317 4616  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
18:54:59.0364 4616  lltdsvc - ok
18:54:59.0379 4616  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
18:54:59.0411 4616  lmhosts - ok
18:54:59.0426 4616  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:54:59.0458 4616  LMouFilt - ok
18:54:59.0520 4616  [ 17A9C5FFA241AAAB275EE5CACEF77686 ] LMS            C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:54:59.0536 4616  LMS - ok
18:54:59.0567 4616  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:54:59.0583 4616  LSI_FC - ok
18:54:59.0614 4616  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
18:54:59.0645 4616  LSI_SAS - ok
18:54:59.0676 4616  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:54:59.0692 4616  LSI_SAS2 - ok
18:54:59.0708 4616  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:54:59.0739 4616  LSI_SCSI - ok
18:54:59.0754 4616  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
18:54:59.0786 4616  luafv - ok
18:54:59.0848 4616  [ A83CA48076A3C43C3B71175095838D69 ] LUMDriver      C:\Windows\system32\drivers\LUMDriver.sys
18:54:59.0864 4616  LUMDriver ( UnsignedFile.Multi.Generic ) - warning
18:54:59.0864 4616  LUMDriver - detected UnsignedFile.Multi.Generic (1)
18:54:59.0879 4616  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
18:54:59.0911 4616  Mcx2Svc - ok
18:54:59.0926 4616  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
18:54:59.0958 4616  megasas - ok
18:54:59.0973 4616  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:54:59.0989 4616  MegaSR - ok
18:55:00.0004 4616  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
18:55:00.0036 4616  MMCSS - ok
18:55:00.0067 4616  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
18:55:00.0114 4616  Modem - ok
18:55:00.0129 4616  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
18:55:00.0145 4616  monitor - ok
18:55:00.0176 4616  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:55:00.0192 4616  mouclass - ok
18:55:00.0208 4616  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:55:00.0223 4616  mouhid - ok
18:55:00.0239 4616  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:55:00.0270 4616  mountmgr - ok
18:55:00.0333 4616  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:55:00.0348 4616  MozillaMaintenance - ok
18:55:00.0379 4616  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
18:55:00.0411 4616  mpio - ok
18:55:00.0426 4616  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:55:00.0473 4616  mpsdrv - ok
18:55:00.0504 4616  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:55:00.0536 4616  MpsSvc - ok
18:55:00.0567 4616  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:55:00.0583 4616  MRxDAV - ok
18:55:00.0629 4616  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:00.0676 4616  mrxsmb - ok
18:55:00.0708 4616  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:00.0739 4616  mrxsmb10 - ok
18:55:00.0739 4616  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:00.0786 4616  mrxsmb20 - ok
18:55:00.0801 4616  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
18:55:00.0833 4616  msahci - ok
18:55:00.0848 4616  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
18:55:00.0864 4616  msdsm - ok
18:55:00.0879 4616  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
18:55:00.0911 4616  MSDTC - ok
18:55:00.0942 4616  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:55:00.0974 4616  Msfs - ok
18:55:00.0974 4616  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
18:55:01.0005 4616  mshidkmdf - ok
18:55:01.0021 4616  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
18:55:01.0037 4616  msisadrv - ok
18:55:01.0052 4616  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
18:55:01.0083 4616  MSiSCSI - ok
18:55:01.0099 4616  msiserver - ok
18:55:01.0115 4616  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
18:55:01.0162 4616  MSKSSRV - ok
18:55:01.0177 4616  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:01.0208 4616  MSPCLOCK - ok
18:55:01.0208 4616  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
18:55:01.0255 4616  MSPQM - ok
18:55:01.0271 4616  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
18:55:01.0287 4616  MsRPC - ok
18:55:01.0302 4616  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:55:01.0318 4616  mssmbios - ok
18:55:01.0318 4616  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
18:55:01.0349 4616  MSTEE - ok
18:55:01.0380 4616  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:55:01.0396 4616  MTConfig - ok
18:55:01.0412 4616  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
18:55:01.0443 4616  Mup - ok
18:55:01.0474 4616  [ 7F16EE8322EBDF3C3B2D1A69F8030FD4 ] NAL            C:\Windows\system32\Drivers\iqvw32.sys
18:55:01.0490 4616  NAL - ok
18:55:01.0521 4616  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
18:55:01.0552 4616  napagent - ok
18:55:01.0583 4616  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
18:55:01.0615 4616  NativeWifiP - ok
18:55:01.0646 4616  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:55:01.0662 4616  NDIS - ok
18:55:01.0677 4616  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:01.0724 4616  NdisCap - ok
18:55:01.0740 4616  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:01.0771 4616  NdisTapi - ok
18:55:01.0802 4616  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:01.0833 4616  Ndisuio - ok
18:55:01.0865 4616  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:01.0896 4616  NdisWan - ok
18:55:01.0896 4616  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
18:55:01.0927 4616  NDProxy - ok
18:55:01.0990 4616  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:55:02.0005 4616  Nero BackItUp Scheduler 4.0 - ok
18:55:02.0021 4616  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
18:55:02.0068 4616  NetBIOS - ok
18:55:02.0083 4616  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
18:55:02.0115 4616  NetBT - ok
18:55:02.0115 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
18:55:02.0130 4616  Netlogon - ok
18:55:02.0162 4616  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:55:02.0193 4616  Netman - ok
18:55:02.0224 4616  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:55:02.0255 4616  netprofm - ok
18:55:02.0287 4616  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:55:02.0302 4616  NetTcpPortSharing - ok
18:55:02.0318 4616  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
18:55:02.0349 4616  nfrd960 - ok
18:55:02.0365 4616  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:55:02.0380 4616  NlaSvc - ok
18:55:02.0412 4616  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:55:02.0443 4616  Npfs - ok
18:55:02.0458 4616  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
18:55:02.0474 4616  nsi - ok
18:55:02.0490 4616  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:55:02.0505 4616  nsiproxy - ok
18:55:02.0568 4616  [ 187002CE05693C306F43C873F821381F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:55:02.0599 4616  Ntfs - ok
18:55:02.0615 4616  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:55:02.0630 4616  Null - ok
18:55:02.0802 4616  [ 1516CEEF99501B2D130651AF261644EE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:55:03.0052 4616  nvlddmkm - ok
18:55:03.0068 4616  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:55:03.0083 4616  nvraid - ok
18:55:03.0130 4616  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:55:03.0146 4616  nvstor - ok
18:55:03.0177 4616  [ 3E12F75F840974395178654AD3CFCC8C ] nvsvc          C:\Windows\system32\nvvsvc.exe
18:55:03.0177 4616  nvsvc - ok
18:55:03.0193 4616  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
18:55:03.0224 4616  nv_agp - ok
18:55:03.0240 4616  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:55:03.0255 4616  ohci1394 - ok
18:55:03.0287 4616  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:03.0302 4616  ose - ok
18:55:03.0412 4616  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:55:03.0521 4616  osppsvc - ok
18:55:03.0552 4616  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:55:03.0599 4616  p2pimsvc - ok
18:55:03.0599 4616  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:55:03.0646 4616  p2psvc - ok
18:55:03.0662 4616  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
18:55:03.0693 4616  Parport - ok
18:55:03.0724 4616  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
18:55:03.0755 4616  partmgr - ok
18:55:03.0771 4616  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:55:03.0802 4616  Parvdm - ok
18:55:03.0818 4616  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:55:03.0833 4616  PcaSvc - ok
18:55:03.0849 4616  [ C858CB77C577780ECC456A892E7E7D0F ] pci            C:\Windows\system32\DRIVERS\pci.sys
18:55:03.0849 4616  pci - ok
18:55:03.0865 4616  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
18:55:03.0896 4616  pciide - ok
18:55:03.0912 4616  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:55:03.0943 4616  pcmcia - ok
18:55:03.0958 4616  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
18:55:03.0990 4616  pcw - ok
18:55:04.0021 4616  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:55:04.0083 4616  PEAUTH - ok
18:55:04.0115 4616  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
18:55:04.0162 4616  PeerDistSvc - ok
18:55:04.0224 4616  [ 9C1BFF7910C89A1D12E57343475840CB ] pla            C:\Windows\system32\pla.dll
18:55:04.0287 4616  pla - ok
18:55:04.0333 4616  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:55:04.0380 4616  PlugPlay - ok
18:55:04.0396 4616  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
18:55:04.0427 4616  PNRPAutoReg - ok
18:55:04.0443 4616  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
18:55:04.0458 4616  PNRPsvc - ok
18:55:04.0490 4616  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
18:55:04.0537 4616  PolicyAgent - ok
18:55:04.0552 4616  [ DBFF83F709A91049621C1D35DD45C92C ] Power          C:\Windows\system32\umpo.dll
18:55:04.0568 4616  Power - ok
18:55:04.0583 4616  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:55:04.0615 4616  PptpMiniport - ok
18:55:04.0630 4616  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
18:55:04.0646 4616  Processor - ok
18:55:04.0708 4616  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc        C:\Windows\system32\profsvc.dll
18:55:04.0740 4616  ProfSvc - ok
18:55:04.0755 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:55:04.0755 4616  ProtectedStorage - ok
18:55:04.0787 4616  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:55:04.0818 4616  Psched - ok
18:55:04.0865 4616  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:55:04.0912 4616  ql2300 - ok
18:55:04.0927 4616  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:55:04.0958 4616  ql40xx - ok
18:55:04.0974 4616  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
18:55:05.0021 4616  QWAVE - ok
18:55:05.0037 4616  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:55:05.0068 4616  QWAVEdrv - ok
18:55:05.0146 4616  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
18:55:05.0146 4616  RapiMgr - ok
18:55:05.0162 4616  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:55:05.0193 4616  RasAcd - ok
18:55:05.0208 4616  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:05.0240 4616  RasAgileVpn - ok
18:55:05.0271 4616  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
18:55:05.0302 4616  RasAuto - ok
18:55:05.0318 4616  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:05.0365 4616  Rasl2tp - ok
18:55:05.0396 4616  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
18:55:05.0412 4616  RasMan - ok
18:55:05.0427 4616  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:05.0458 4616  RasPppoe - ok
18:55:05.0490 4616  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
18:55:05.0505 4616  RasSstp - ok
18:55:05.0537 4616  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
18:55:05.0552 4616  rdbss - ok
18:55:05.0568 4616  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:05.0599 4616  rdpbus - ok
18:55:05.0615 4616  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:05.0662 4616  RDPCDD - ok
18:55:05.0677 4616  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
18:55:05.0724 4616  RDPDR - ok
18:55:05.0740 4616  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:55:05.0771 4616  RDPENCDD - ok
18:55:05.0771 4616  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:55:05.0802 4616  RDPREFMP - ok
18:55:05.0849 4616  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
18:55:05.0880 4616  RDPWD - ok
18:55:05.0912 4616  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:55:05.0927 4616  rdyboost - ok
18:55:05.0943 4616  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:55:05.0990 4616  RemoteAccess - ok
18:55:06.0005 4616  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:55:06.0052 4616  RemoteRegistry - ok
18:55:06.0083 4616  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:55:06.0115 4616  RpcEptMapper - ok
18:55:06.0146 4616  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:55:06.0177 4616  RpcLocator - ok
18:55:06.0193 4616  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs          C:\Windows\system32\rpcss.dll
18:55:06.0224 4616  RpcSs - ok
18:55:06.0240 4616  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:55:06.0287 4616  rspndr - ok
18:55:06.0302 4616  [ 5423D8437051E89DD34749F242C98648 ] s3cap          C:\Windows\system32\DRIVERS\vms3cap.sys
18:55:06.0349 4616  s3cap - ok
18:55:06.0365 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs          C:\Windows\system32\lsass.exe
18:55:06.0365 4616  SamSs - ok
18:55:06.0396 4616  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
18:55:06.0412 4616  sbp2port - ok
18:55:06.0427 4616  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:55:06.0490 4616  SCardSvr - ok
18:55:06.0505 4616  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:55:06.0552 4616  scfilter - ok
18:55:06.0599 4616  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
18:55:06.0646 4616  Schedule - ok
18:55:06.0662 4616  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc    C:\Windows\System32\certprop.dll
18:55:06.0693 4616  SCPolicySvc - ok
18:55:06.0708 4616  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:55:06.0755 4616  SDRSVC - ok
18:55:06.0787 4616  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:55:06.0818 4616  secdrv - ok
18:55:06.0833 4616  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:55:06.0880 4616  seclogon - ok
18:55:06.0896 4616  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:55:06.0912 4616  SENS - ok
18:55:06.0943 4616  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:55:06.0974 4616  SensrSvc - ok
18:55:06.0990 4616  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
18:55:07.0021 4616  Serenum - ok
18:55:07.0037 4616  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:55:07.0052 4616  Serial - ok
18:55:07.0068 4616  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:55:07.0115 4616  sermouse - ok
18:55:07.0146 4616  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
18:55:07.0162 4616  SessionEnv - ok
18:55:07.0193 4616  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
18:55:07.0240 4616  sffdisk - ok
18:55:07.0255 4616  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:55:07.0271 4616  sffp_mmc - ok
18:55:07.0271 4616  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
18:55:07.0302 4616  sffp_sd - ok
18:55:07.0318 4616  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
18:55:07.0333 4616  sfloppy - ok
18:55:07.0365 4616  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:55:07.0396 4616  SharedAccess - ok
18:55:07.0427 4616  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:55:07.0458 4616  ShellHWDetection - ok
18:55:07.0490 4616  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
18:55:07.0505 4616  sisagp - ok
18:55:07.0537 4616  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:55:07.0537 4616  SiSRaid2 - ok
18:55:07.0568 4616  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:55:07.0599 4616  SiSRaid4 - ok
18:55:07.0662 4616  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
18:55:07.0724 4616  SkypeUpdate - ok
18:55:07.0755 4616  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
18:55:07.0802 4616  Smb - ok
18:55:07.0833 4616  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:55:07.0865 4616  SNMPTRAP - ok
18:55:07.0880 4616  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
18:55:07.0912 4616  spldr - ok
18:55:07.0958 4616  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler        C:\Windows\System32\spoolsv.exe
18:55:07.0990 4616  Spooler - ok
18:55:08.0052 4616  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:55:08.0115 4616  sppsvc - ok
18:55:08.0130 4616  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
18:55:08.0177 4616  sppuinotify - ok
18:55:08.0224 4616  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv            C:\Windows\system32\DRIVERS\srv.sys
18:55:08.0255 4616  srv - ok
18:55:08.0287 4616  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:55:08.0318 4616  srv2 - ok
18:55:08.0333 4616  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:55:08.0365 4616  srvnet - ok
18:55:08.0396 4616  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
18:55:08.0412 4616  SSDPSRV - ok
18:55:08.0458 4616  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:55:08.0458 4616  ssmdrv - ok
18:55:08.0474 4616  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
18:55:08.0521 4616  SstpSvc - ok
18:55:08.0537 4616  Steam Client Service - ok
18:55:08.0583 4616  [ 108F1BE5B024E5FA0B8801E5B9F5288B ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:55:08.0599 4616  Stereo Service - ok
18:55:08.0615 4616  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:55:08.0630 4616  stexstor - ok
18:55:08.0662 4616  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:55:08.0693 4616  StiSvc - ok
18:55:08.0708 4616  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
18:55:08.0740 4616  storflt - ok
18:55:08.0755 4616  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
18:55:08.0787 4616  StorSvc - ok
18:55:08.0787 4616  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc        C:\Windows\system32\DRIVERS\storvsc.sys
18:55:08.0802 4616  storvsc - ok
18:55:08.0818 4616  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:55:08.0849 4616  swenum - ok
18:55:08.0880 4616  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
18:55:08.0927 4616  swprv - ok
18:55:08.0958 4616  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain        C:\Windows\system32\sysmain.dll
18:55:08.0974 4616  SysMain - ok
18:55:09.0006 4616  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:55:09.0038 4616  TabletInputService - ok
18:55:09.0053 4616  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv        C:\Windows\System32\tapisrv.dll
18:55:09.0100 4616  TapiSrv - ok
18:55:09.0116 4616  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
18:55:09.0131 4616  TBS - ok
18:55:09.0178 4616  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
18:55:09.0241 4616  Tcpip - ok
18:55:09.0288 4616  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:55:09.0303 4616  TCPIP6 - ok
18:55:09.0319 4616  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:55:09.0366 4616  tcpipreg - ok
18:55:09.0366 4616  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:55:09.0413 4616  TDPIPE - ok
18:55:09.0444 4616  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
18:55:09.0459 4616  TDTCP - ok
18:55:09.0475 4616  [ CB39E896A2A83702D1737BFD402B3542 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
18:55:09.0538 4616  tdx - ok
18:55:09.0553 4616  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:55:09.0584 4616  TermDD - ok
18:55:09.0616 4616  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService    C:\Windows\System32\termsrv.dll
18:55:09.0647 4616  TermService - ok
18:55:09.0663 4616  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:55:09.0678 4616  Themes - ok
18:55:09.0694 4616  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
18:55:09.0709 4616  THREADORDER - ok
18:55:09.0741 4616  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM            C:\Windows\system32\drivers\tpm.sys
18:55:09.0788 4616  TPM - ok
18:55:09.0819 4616  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:55:09.0850 4616  TrkWks - ok
18:55:09.0881 4616  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:55:09.0897 4616  TrustedInstaller - ok
18:55:09.0913 4616  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:09.0928 4616  tssecsrv - ok
18:55:09.0944 4616  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:55:09.0991 4616  tunnel - ok
18:55:10.0023 4616  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:55:10.0039 4616  uagp35 - ok
18:55:10.0054 4616  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:55:10.0101 4616  udfs - ok
18:55:10.0132 4616  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
18:55:10.0148 4616  UI0Detect - ok
18:55:10.0179 4616  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
18:55:10.0195 4616  uliagpkx - ok
18:55:10.0226 4616  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
18:55:10.0257 4616  umbus - ok
18:55:10.0273 4616  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:55:10.0304 4616  UmPass - ok
18:55:10.0335 4616  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:55:10.0367 4616  UmRdpService - ok
18:55:10.0429 4616  [ 7953D636309B7F505C70667A7A2437CF ] UNS            C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:55:10.0476 4616  UNS - ok
18:55:10.0492 4616  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:55:10.0523 4616  upnphost - ok
18:55:10.0554 4616  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
18:55:10.0585 4616  USBAAPL - ok
18:55:10.0617 4616  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp        C:\Windows\system32\drivers\usbccgp.sys
18:55:10.0648 4616  usbccgp - ok
18:55:10.0695 4616  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
18:55:10.0710 4616  usbcir - ok
18:55:10.0710 4616  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
18:55:10.0742 4616  usbehci - ok
18:55:10.0789 4616  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:55:10.0804 4616  usbhub - ok
18:55:10.0835 4616  [ EB2D819A639015253C871CDA09D91D58 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
18:55:10.0851 4616  usbohci - ok
18:55:10.0882 4616  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:55:10.0914 4616  usbprint - ok
18:55:10.0945 4616  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
18:55:10.0992 4616  usbscan - ok
18:55:11.0007 4616  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:55:11.0071 4616  USBSTOR - ok
18:55:11.0086 4616  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
18:55:11.0102 4616  usbuhci - ok
18:55:11.0149 4616  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
18:55:11.0165 4616  usb_rndisx - ok
18:55:11.0196 4616  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
18:55:11.0211 4616  UxSms - ok
18:55:11.0227 4616  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
18:55:11.0227 4616  VaultSvc - ok
18:55:11.0258 4616  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
18:55:11.0274 4616  vdrvroot - ok
18:55:11.0290 4616  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds            C:\Windows\System32\vds.exe
18:55:11.0336 4616  vds - ok
18:55:11.0368 4616  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
18:55:11.0383 4616  vga - ok
18:55:11.0399 4616  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
18:55:11.0430 4616  VgaSave - ok
18:55:11.0446 4616  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
18:55:11.0477 4616  vhdmp - ok
18:55:11.0508 4616  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
18:55:11.0524 4616  viaagp - ok
18:55:11.0540 4616  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
18:55:11.0555 4616  ViaC7 - ok
18:55:11.0555 4616  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
18:55:11.0586 4616  viaide - ok
18:55:11.0586 4616  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus          C:\Windows\system32\DRIVERS\vmbus.sys
18:55:11.0618 4616  vmbus - ok
18:55:11.0618 4616  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
18:55:11.0633 4616  VMBusHID - ok
18:55:11.0633 4616  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
18:55:11.0665 4616  volmgr - ok
18:55:11.0696 4616  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
18:55:11.0696 4616  volmgrx - ok
18:55:11.0711 4616  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
18:55:11.0743 4616  volsnap - ok
18:55:11.0774 4616  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
18:55:11.0790 4616  vsmraid - ok
18:55:11.0821 4616  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS            C:\Windows\system32\vssvc.exe
18:55:11.0868 4616  VSS - ok
18:55:11.0883 4616  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:55:11.0899 4616  vwifibus - ok
18:55:11.0915 4616  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
18:55:11.0946 4616  W32Time - ok
18:55:11.0977 4616  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:55:11.0993 4616  WacomPen - ok
18:55:12.0008 4616  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:55:12.0057 4616  WANARP - ok
18:55:12.0057 4616  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:55:12.0088 4616  Wanarpv6 - ok
18:55:12.0135 4616  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
18:55:12.0213 4616  WatAdminSvc - ok
18:55:12.0245 4616  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
18:55:12.0307 4616  wbengine - ok
18:55:12.0338 4616  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:55:12.0401 4616  WbioSrvc - ok
18:55:12.0448 4616  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:55:12.0463 4616  WcesComm - ok
18:55:12.0510 4616  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
18:55:12.0557 4616  wcncsvc - ok
18:55:12.0588 4616  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:55:12.0620 4616  WcsPlugInService - ok
18:55:12.0635 4616  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:55:12.0651 4616  Wd - ok
18:55:12.0682 4616  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:55:12.0698 4616  Wdf01000 - ok
18:55:12.0713 4616  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:55:12.0745 4616  WdiServiceHost - ok
18:55:12.0745 4616  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
18:55:12.0760 4616  WdiSystemHost - ok
18:55:12.0791 4616  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient      C:\Windows\System32\webclnt.dll
18:55:12.0823 4616  WebClient - ok
18:55:12.0838 4616  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:55:12.0885 4616  Wecsvc - ok
18:55:12.0901 4616  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
18:55:12.0916 4616  wercplsupport - ok
18:55:12.0948 4616  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:55:12.0963 4616  WerSvc - ok
18:55:12.0979 4616  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:55:13.0010 4616  WfpLwf - ok
18:55:13.0026 4616  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:55:13.0041 4616  WIMMount - ok
18:55:13.0106 4616  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
18:55:13.0153 4616  WinDefend - ok
18:55:13.0153 4616  WinHttpAutoProxySvc - ok
18:55:13.0184 4616  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
18:55:13.0215 4616  Winmgmt - ok
18:55:13.0231 4616  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM          C:\Windows\system32\WsmSvc.dll
18:55:13.0278 4616  WinRM - ok
18:55:13.0340 4616  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:55:13.0356 4616  WinUsb - ok
18:55:13.0372 4616  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
18:55:13.0418 4616  Wlansvc - ok
18:55:13.0434 4616  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
18:55:13.0465 4616  WmiAcpi - ok
18:55:13.0481 4616  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:55:13.0497 4616  wmiApSrv - ok
18:55:13.0543 4616  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
18:55:13.0590 4616  WMPNetworkSvc - ok
18:55:13.0606 4616  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:55:13.0637 4616  WPCSvc - ok
18:55:13.0653 4616  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:55:13.0668 4616  WPDBusEnum - ok
18:55:13.0684 4616  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
18:55:13.0715 4616  ws2ifsl - ok
18:55:13.0747 4616  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
18:55:13.0778 4616  wscsvc - ok
18:55:13.0778 4616  WSearch - ok
18:55:13.0840 4616  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:55:13.0887 4616  wuauserv - ok
18:55:13.0903 4616  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:55:13.0934 4616  WudfPf - ok
18:55:13.0965 4616  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:55:13.0997 4616  WUDFRd - ok
18:55:14.0028 4616  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
18:55:14.0059 4616  wudfsvc - ok
18:55:14.0092 4616  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
18:55:14.0124 4616  WwanSvc - ok
18:55:14.0155 4616  [ CE0C846127D6ABB1E2A22E59682B2527 ] xnacc          C:\Windows\system32\DRIVERS\xnacc.sys
18:55:14.0186 4616  xnacc - ok
18:55:14.0186 4616  ================ Scan global ===============================
18:55:14.0202 4616  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:55:14.0249 4616  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
18:55:14.0249 4616  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
18:55:14.0280 4616  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:55:14.0295 4616  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:55:14.0295 4616  [Global] - ok
18:55:14.0295 4616  ================ Scan MBR ==================================
18:55:14.0311 4616  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:55:14.0499 4616  \Device\Harddisk0\DR0 - ok
18:55:14.0499 4616  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk3\DR5
18:55:15.0014 4616  \Device\Harddisk3\DR5 - ok
18:55:15.0014 4616  ================ Scan VBR ==================================
18:55:15.0030 4616  [ 709BCDEB215087B1D7C7EFAC8C1B01A0 ] \Device\Harddisk0\DR0\Partition1
18:55:15.0030 4616  \Device\Harddisk0\DR0\Partition1 - ok
18:55:15.0045 4616  [ 915241029A06FFC332757D15CB0A32E4 ] \Device\Harddisk0\DR0\Partition2
18:55:15.0045 4616  \Device\Harddisk0\DR0\Partition2 - ok
18:55:15.0045 4616  [ 5F1E540EC69D27543F8CC5E0EDA580B8 ] \Device\Harddisk3\DR5\Partition1
18:55:15.0045 4616  \Device\Harddisk3\DR5\Partition1 - ok
18:55:15.0045 4616  ============================================================
18:55:15.0045 4616  Scan finished
18:55:15.0045 4616  ============================================================
18:55:15.0061 5668  Detected object count: 6
18:55:15.0061 5668  Actual detected object count: 6
18:55:44.0649 5668  BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:44.0649 5668  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:44.0649 5668  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:44.0649 5668  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:44.0649 5668  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:55:44.0649 5668  LUMDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0649 5668  LUMDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 21.10.2012 20:35

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a Kompetenzler (trusted helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running Combofix and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Bong 23.10.2012 21:43

Here is the Combofix report:

Combofix Logfile:
Code:

ComboFix 12-10-23.01 - User 23/10/2012  21:50:54.1.8 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.1.1033.18.3517.2790 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E860171-5260-4120-9B6F-1FEC76B1F41E}.xps
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{452EE020-BEA6-4A9E-B7A7-64863D4A4E31}.xps
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BD76176-D78C-4738-BA3D-A1B1149AF9D2}.xps
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((((  Files Created from 2012-09-23 to 2012-10-23  )))))))))))))))))))))))))))))))
.
.
2012-10-23 19:56 . 2012-10-23 19:58        --------        d-----w-        c:\users\User\AppData\Local\temp
2012-10-23 19:56 . 2012-10-23 19:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-14 19:44 . 2012-10-14 19:44        --------        d-----w-        c:\program files\ESET
2012-10-14 19:33 . 2012-10-14 19:33        --------        d-----w-        c:\users\User\AppData\Roaming\Malwarebytes
2012-10-14 19:33 . 2012-10-14 19:33        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-14 19:33 . 2012-10-14 19:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-10-14 19:33 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-14 19:24 . 2012-10-14 19:24        --------        d-----w-        c:\users\User\AppData\Local\Diagnostics
2012-10-13 01:08 . 2012-10-14 10:56        --------        d-----w-        C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:05 . 2012-09-13 10:59        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-19 13:26 . 2012-02-25 12:34        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-18 2363392]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-23 39408]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-10 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-10 167448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29        64592        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 23:39]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.lu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\snipb2ir.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-23  22:02:20 - machine was rebooted
ComboFix-quarantined-files.txt  2012-10-23 20:02
.
Pre-Run: 126*249*271*296 bytes free
Post-Run: 128*728*211*456 bytes free
.
- - End Of File - - 7532D094F780F28CB1D5413DE1FDA1CE

--- --- ---
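
The "Reg Loading Points" block of the ComboFix log above shows UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0) and one Run entry for which ComboFix printed no file details ([X]). The parser below is an added example, not part of this thread or of ComboFix: it pulls exactly those items out of ComboFix-style text, and its sample input is constructed from lines of the log above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not part of the original posts or of ComboFix.
It reads ComboFix-style text, collects the autostart (Run) entries and the UAC
policy values, and flags what a helper checks first: Run entries ComboFix could
not describe ("[X]") and UAC settings that switch protections off.
"""
import re
from dataclasses import dataclass, field

# UAC policy values that weaken protection: name -> (weak value, why it matters).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no prompt at all"),
    "PromptOnSecureDesktop": (0, "prompt is not isolated on the secure desktop"),
}

KEY_RE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")             # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*?)\]$')  # "name"="cmd" [info]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')             # "name"= 0 (0x0)


@dataclass
class Triage:
    autostarts: list = field(default_factory=list)    # (key, name, command, info)
    missing: list = field(default_factory=list)       # Run entries reported as [X]
    uac: dict = field(default_factory=dict)           # policy name -> int value
    uac_findings: list = field(default_factory=list)  # "Name=value: explanation"


def parse_combofix(text: str) -> Triage:
    """Walk the log line by line, remembering the current [HKEY_...] header."""
    t = Triage()
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # ComboFix pads sections with "."
            continue
        m = KEY_RE.match(line)
        if m:                                 # a new registry block starts
            key = m.group(1).lower()
            continue
        if key is None:
            continue
        if key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                name, cmd, info = m.groups()
                t.autostarts.append((key, name, cmd, info))
                if info.strip().upper() == "X":
                    t.missing.append(name)
        elif key.endswith("\\policies\\system"):
            m = VALUE_RE.match(line)
            if m:
                t.uac[m.group(1)] = int(m.group(2))
    for name, (weak, why) in UAC_WEAK.items():
        if t.uac.get(name) == weak:
            t.uac_findings.append(f"{name}={weak}: {why}")
    return t


def report(t: Triage) -> str:
    """Human-readable summary in the order a helper would read it."""
    lines = [f"{len(t.autostarts)} autostart entries, {len(t.missing)} with no file details"]
    lines += [f"  [X] {name}" for name in t.missing]
    lines += [f"  UAC: {f}" for f in t.uac_findings] or ["  UAC: nothing weak found"]
    return "\n".join(lines)


# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((  Reg Loading Points  ))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-09 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-10 175640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29        64592        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
"""

if __name__ == "__main__":
    print(report(parse_combofix(SAMPLE_LOG)))
```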

cosinus 24.10.2012 11:26

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: Should the Scan button be greyed out, close the tool and start it again. Should the scan abort and the program crash, let me know and choose the setting (none) under AV Scan.

Another note: Should aswMBR crash and a message like "aswMBR.exe funktioniert nicht mehr" appear, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.

Bong 15.11.2012 16:22

Hello Cosinus,

sorry that I haven't replied for so long! From early November until early December I am right in the middle of exam stress...
Unfortunately my tower has no internet connection here (I only have WiFi here), so I can only carry out the next step when I am back home (8.12.). I hope the thread won't be deleted by then.

Regards
Bong

Bong 13.12.2012 00:58

Hello Cosinus,

Now that the exams are over, I finally want to finish cleaning my PC.
However, Avira no longer seems to work: the Internet Protection doesn't work, and when I click on "Update" nothing happens either.
I then downloaded the latest version, but in order to install it I would have to uninstall malware... how should I proceed?

Regards,
Bong

cosinus 13.12.2012 15:10

Uninstall Avira first! Otherwise please don't install anything new yet.
When we are completely done here you can switch to Avast or MSE.

Please download the current adwCleaner v2.100, i.e. delete the old adwcleaner and download it again.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • After the search has finished, a text file opens.
  • Post me its contents with your next reply.
  • You will also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Bong 16.02.2013 11:55

Hello cosinus, after a long time I decided today to continue cleaning the PC...

- Avira has been deleted, so currently NO antivirus is installed.

- GMER and OSAM have NOT been used yet.

- Here is today's adw log file:

AdwCleaner Logfile:
Code:

# AdwCleaner v2.112 - Logfile created 02/16/2013 at 11:55:57
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : User - STATION01
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [1073 octets] - [17/10/2012 23:59:54]
AdwCleaner[R2].txt - [732 octets] - [16/02/2013 11:55:57]
AdwCleaner[S1].txt - [985 octets] - [18/10/2012 12:03:31]

########## EOF - C:\AdwCleaner[R2].txt - [850 octets] ##########

--- --- ---

cosinus 16.02.2013 18:29

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Search and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post me its contents with your next reply.
  • You will also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Bong 16.02.2013 19:44

adwCleaner:

AdwCleaner Logfile:
Code:

# AdwCleaner v2.112 - Logfile created 02/16/2013 at 19:41:03
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : User - STATION01
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [1073 octets] - [17/10/2012 23:59:54]
AdwCleaner[R2].txt - [918 octets] - [16/02/2013 11:55:57]
AdwCleaner[S1].txt - [985 octets] - [18/10/2012 12:03:31]
AdwCleaner[S2].txt - [852 octets] - [16/02/2013 19:41:03]

########## EOF - C:\AdwCleaner[S2].txt - [911 octets] ##########

--- --- ---


OTL 1:

OTL Logfile:
Code:

OTL logfile created on: 16/02/2013 19:45:59 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000140C | Country: Luxembourg | Language: FRL | Date Format: dd/MM/yyyy
 
3,43 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 69,94% Memory free
6,87 Gb Paging File | 5,74 Gb Available in Paging File | 83,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 118,13 Gb Free Space | 39,66% Space Free | Partition Type: NTFS
 
Computer Name: STATION01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files\MyTomTom 3\QtGui4.dll ()
MOD - C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll ()
MOD - C:\Program Files\MyTomTom 3\QtCore4.dll ()
MOD - C:\Program Files\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Program Files\MyTomTom 3\QtXml4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BBDemon) -- C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (DFUBTUSB) -- C:\Windows\System32\drivers\frmupgr.sys (Broadcom Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.lu/
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 34 61 90 16 CF CA 01  [binary data]
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes,DefaultScope = {9009733B-8683-4B13-9C08-5B4378D967C8}
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\..\SearchScopes\{9009733B-8683-4B13-9C08-5B4378D967C8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/19 14:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/25 13:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013/02/16 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\snipb2ir.default\extensions
[2012/03/15 11:57:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\snipb2ir.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/25 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/19 14:26:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/19 14:26:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/19 14:26:14 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/10/23 20:57:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D81D153-0A2A-41E5-8E83-621BFAD54993}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/16 19:49:55 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 19:49:55 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 19:47:34 | 000,627,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/16 19:47:34 | 000,107,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/16 19:42:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 19:42:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 19:42:04 | 2765,991,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 19:34:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 11:55:20 | 000,587,671 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner0.exe
 
========== Files Created - No Company Name ==========
 
[2013/02/16 11:55:19 | 000,587,671 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner0.exe
[2012/10/23 20:48:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/23 20:48:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/23 20:48:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/23 20:48:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/23 20:48:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/22 14:43:31 | 000,000,266 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2002/08/26 18:54:44 | 000,327,680 | R--- | C] () -- C:\Users\User\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


OTL 2:
OTL Logfile:
Code:

OTL Extras logfile created on: 16/02/2013 19:45:59 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000140C | Country: Luxembourg | Language: FRL | Date Format: dd/MM/yyyy
 
3,43 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 69,94% Memory free
6,87 Gb Paging File | 5,74 Gb Available in Paging File | 83,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 118,13 Gb Free Space | 39,66% Space Free | Partition Type: NTFS
 
Computer Name: STATION01 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D63B2A0-167A-43CA-9C60-C488741DC817}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D752583-D734-4D1B-87E6-251F254612BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3782B852-21A2-455B-A585-9B2E430CEB48}" = lport=138 | protocol=17 | dir=in | app=system |
"{3819DE16-EE15-4CB4-A4E9-D0344E5BF79B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C431E15-80A9-4748-B7AB-770E40DC8F74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D4F0116-4BA9-47AE-9FF6-28B3A5079E90}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59BDABB5-86B0-405F-80EE-7697E2946FEF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{65984671-1B16-4A58-8D76-20EF13C5F587}" = rport=138 | protocol=17 | dir=out | app=system |
"{69C72576-25C5-4E47-9C53-18728E4F240D}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A534B9B-C2E4-4206-9DB8-A88EF7CC5EA2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CB4B49D-0ABF-4587-AE33-7556B093D0AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{89BB362E-C940-485C-B922-FA91B997B903}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8E15AE11-F93B-4C6D-A17D-19D582B6AC6E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95665D25-216B-445D-A740-5A8DA5268847}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{964C54DA-A805-4CA2-9938-CBF1CDB1D73C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A340D240-BF30-4945-88D6-9BC9EB313D16}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A7217967-B577-498E-80EC-F673BBCBD5E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AAA59016-FBFC-40F3-874A-E8C57D679BFD}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEB47CDC-DCC7-4D67-8F0C-36DDCFF4DCE4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C058F319-0308-40FA-9EC8-D45A04663263}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9192F69-17D7-44A1-A9E5-C34974F3BD7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D24F4C20-8BDB-40D6-81F6-5911F1E9990B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8CF42BE-5E1A-4521-95C1-8EFA0BA0D0FE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E518753E-327E-491D-B302-E66C8EA56C9B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E87599D0-7D40-425F-A488-B8B8593E795B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCF79CA-ED27-45EF-BCE6-ED700C4851CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{206BC250-74DE-47A0-804F-2D2B24F5F935}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{20DDCE9E-E191-41A2-9E00-6FD5B1380FEF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2751F3E8-073D-4483-94CD-A2469C68D5C7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2B70076F-580A-4714-A21A-E3944A0ACEDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{3225A741-7B1F-4F47-B378-B277F757B398}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35DE7058-994D-4804-AAAF-1FABE3D3F28C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D7CAED9-3801-4D38-B7EB-2B2A2787D54D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{604D64A2-8A34-4C9D-90AA-90CC1F67772B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67E94CCE-BE9D-4769-A3FD-475A1021C244}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6DF31194-C3A8-41F5-A93E-54C633B91114}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EDBA9DA-9FA3-4E80-9150-898580AF2C0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AAEBE44-E8BE-43C8-B52F-5E921031FFFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87BB0B5F-4610-4C78-9592-CA91AC39575B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{897433C6-AD53-4D49-AA38-B1D7127EE86E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C21922D-51B5-4E70-B680-85C8118D1E73}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8FA21BCB-09F2-4E1C-ADC3-167F93753005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{922814B2-2D61-4471-9A34-D52D620A074F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1104AF4-A870-4E5D-B854-6DB7CC3E50E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A29C49B4-38E9-4F04-9BB9-2200172A4AC3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA41CFAE-09DB-442D-BA35-1E1306BE298A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE5622C0-C138-4606-8E46-5DF7B08A684A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3354C19-6A7B-4D93-844B-0E17813341CC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8786304-8FE0-4CDA-A9FC-52ACA4AE7D84}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{C8BD84C2-A765-405E-A650-FFB0E16F2191}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E55A3812-C001-44E7-A172-2AB746C553D3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F060DC23-C686-417D-90BA-24A51FE1D411}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2C3B1F6-731D-4B98-91E7-9548349D81AF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FA912F16-0C5B-4356-9FE4-AEE2C5564BEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FFA5720D-7D76-4FD7-96AD-C91DB1B19387}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{20BD95DA-10D6-4C9A-9062-8A910773D06F}C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe |
"TCP Query User{5F309EB6-A1E9-4E23-912C-F5FC1BFB8477}C:\users\user\appdata\local\temp\temp1_widefs.zip\wideclient.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\temp1_widefs.zip\wideclient.exe |
"TCP Query User{A8515D32-00E9-4B2B-82A1-6EC68C067775}C:\program files\laplink\pcmover\pcmover.exe" = protocol=6 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |
"TCP Query User{EE5BE3B8-DAC9-40EC-B36A-DBEC5C1FB1FA}C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe |
"UDP Query User{3CDDDF7E-9AA2-4C48-A005-0534B5CEBC5D}C:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b16\intel_a\code\bin\orbixd.exe |
"UDP Query User{64621D8A-4813-49F1-9E58-5E3854940F44}C:\users\user\appdata\local\temp\temp1_widefs.zip\wideclient.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\temp1_widefs.zip\wideclient.exe |
"UDP Query User{B88B6B06-4DAB-420F-A1A2-8F9BDD94AB89}C:\program files\laplink\pcmover\pcmover.exe" = protocol=17 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |
"UDP Query User{F26038AE-F092-4CDC-915E-6D307A3D4A04}C:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b16\intel_a\code\bin\cnext.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" ACG's IWM Duxford AI Pack FSX" =  ACG's IWM Duxford AI Pack FSX
" ACG's IWM Duxford FSX" =  ACG's IWM Duxford FSX
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BBBA9A9-02E8-467D-BE57-4797A50F7861}" = Intel(R) Network Connections 15.1.29.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{662E930A-FBF8-4451-A5A6-4C094160B4BC}" = Intel(R) Desktop Utilities
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{bdf3b27a-3656-4d33-b4ac-cb70bfe342b8}" = Nero 9 Essentials
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Air Combat Simulation
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dassault Systemes B16_0" = Dassault Systemes Software B16
"EAX Unified" = EAX Unified
"ESET Online Scanner" = ESET Online Scanner v3
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 Un siècle d'aviation
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Pixelformer" = Pixelformer
"PROSetDX" = Intel(R) Network Connections 15.1.29.0
"PS Panels 737NG Panel System_is1" = PS Panels 737NG Version 1.1
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"SP6" = Logitech SetPoint 6.15
"Steam App 50130" = Mafia II
"Steam App 63950" = IL-2 Sturmovik: Cliffs of Dover
"TVWiz" = Intel(R) TV Wizard
"Ycopy_is1" = Ycopy 1.0d
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3527862230-3719559659-2633231742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/10/2012 17:33:48 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906
 
Error - 25/10/2012 17:34:57 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/10/2012 17:34:57 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 74141
 
Error - 25/10/2012 17:34:57 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 74141
 
Error - 25/10/2012 17:34:59 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/10/2012 17:34:59 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 76094
 
Error - 25/10/2012 17:34:59 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 76094
 
Error - 25/10/2012 17:35:01 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/10/2012 17:35:01 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 78047
 
Error - 25/10/2012 17:35:01 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 78047
 
[ System Events ]
Error - 23/10/2012 15:50:02 | Computer Name = Station01 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 23/10/2012 15:54:04 | Computer Name = Station01 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 23/10/2012 15:56:28 | Computer Name = Station01 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 23/10/2012 15:56:33 | Computer Name = Station01 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 23/10/2012 15:57:13 | Computer Name = Station01 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:56:37 on ?23/?10/?2012 was unexpected.
 
Error - 15/11/2012 11:13:47 | Computer Name = Station01 | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.
 
Error - 02/12/2012 18:29:10 | Computer Name = Station01 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:26:44 on ?02/?12/?2012 was unexpected.
 
Error - 09/12/2012 19:26:23 | Computer Name = Station01 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:53:24 on ?06/?12/?2012 was unexpected.
 
Error - 16/02/2013 06:39:19 | Computer Name = Station01 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Software Updater service to connect.
 
Error - 16/02/2013 06:39:20 | Computer Name = Station01 | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
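The "Last 20 Event Log Errors" block above is the part of an OTL report most worth reading after a cleanup, because it shows whether the machine is still crashing or whether services are misbehaving. As an added example (not OTL's own code and not from the thread), here is a small Python parser that turns that block into records, groups the errors by log, source and event ID, and flags the IDs seen above: 6008 (unexpected shutdown), 7030 (interactive service; PEVSystemStart is the helper service a ComboFix run registers) and 7009 (service start timeout). The sample input is a constructed excerpt modelled on the lines above; the `NOTABLE` table and all function names are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt in the layout OTL uses for its "Last 20 Event Log Errors"
# section (continuation lines of a description start with a single space).
SAMPLE_EVENTS = """\
[ Application Events ]
Error - 25/10/2012 17:33:48 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906

Error - 25/10/2012 17:34:57 | Computer Name = Station01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 23/10/2012 15:50:02 | Computer Name = Station01 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.

Error - 23/10/2012 15:57:13 | Computer Name = Station01 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:56:37 on ?23/?10/?2012 was unexpected.

Error - 16/02/2013 06:39:19 | Computer Name = Station01 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Software Updater service to connect.

Error - 16/02/2013 06:39:20 | Computer Name = Station01 | Source = DCOM | ID = 10005
Description =
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)

# Event IDs worth a second look after a cleanup (my own triage table, not OTL's).
NOTABLE = {
    6008: "unexpected shutdown (power loss, crash or hard reset)",
    7030: "service configured as interactive; rescue tools such as ComboFix trigger this",
    7009: "service did not respond within the Service Control Manager timeout",
    7034: "service terminated unexpectedly",
}


def parse_otl_events(text):
    """Turn the OTL event-error listing into a list of dicts, one per error."""
    events, section, current = [], None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            current = {
                "log": section,
                "time": datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif line.startswith(" ") and line.strip():
            # OTL wraps long descriptions; glue the continuation back on.
            current["description"] = (current["description"] + " " + line.strip()).strip()
        elif not line.strip():
            current = None  # blank line ends the current record
    return events


def summarize(events):
    """Group errors by (log, source, id) and flag the IDs from NOTABLE."""
    by_source_id = Counter((e["log"], e["source"], e["id"]) for e in events)
    flagged = [(e["time"].isoformat(), e["source"], e["id"], NOTABLE[e["id"]])
               for e in events if e["id"] in NOTABLE]
    times = [e["time"] for e in events]
    return {
        "total": len(events),
        "by_source_id": dict(by_source_id),
        "flagged": flagged,
        "first": min(times) if times else None,
        "last": max(times) if times else None,
    }


if __name__ == "__main__":
    for key, count in summarize(parse_otl_events(SAMPLE_EVENTS))["by_source_id"].items():
        print(count, key)
```

Reading the grouped output is quicker than the raw block: repeated 6008 entries mean the box is still being hard-reset or crashing, while a burst of 7030 from PEVSystemStart is simply the trace of a ComboFix run and goes away when that tool is uninstalled.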

--- --- ---

cosinus 18.02.2013 00:15

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the Update button first

Getting a second opinion afterwards from ESET's online scanner isn't a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Bong 18.02.2013 15:18

MalwareBytes:

Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.18.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: STATION01 [Administrator]

Schutz: Aktiviert

18/02/2013 15:13:50
mbam-log-2013-02-18 (15-13-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237855
Laufzeit: 3 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET found something:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b5f51e715b022241b74a2ec7e87e2b69
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-14 09:18:27
# local_time=2012-10-14 11:18:27 (+0100, Romance Daylight Time)
# country="Luxembourg"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 18660894 18660894 0 0
# compatibility_mode=5893 16776574 100 94 61610668 102696633 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=384262
# found=3
# cleaned=0
# scan_time=5465
C:\Users\User\AppData\Local\Temp\jar_cache1250724741811364833.tmp        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4224a763-5492f2c0        a variant of Win32/Kryptik.AMLT trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\10132012_030821\C_Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe        a variant of Win32/Kryptik.AMLT trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5f51e715b022241b74a2ec7e87e2b69
# engine=13181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-18 07:17:56
# local_time=2013-02-18 08:17:56 (+0100, Romance Standard Time)
# country="Luxembourg"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 206326 113667667 0 0
# scanned=400247
# found=2
# cleaned=0
# scan_time=17704
sh=912064C5836953CE46528B63528FDEB8955B94F8 ft=1 fh=c8089ee0e0d0138b vn="a variant of Win32/Kryptik.AMLT trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4224a763-5492f2c0"
sh=912064C5836953CE46528B63528FDEB8955B94F8 ft=1 fh=c8089ee0e0d0138b vn="a variant of Win32/Kryptik.AMLT trojan" ac=I fn="C:\_OTL\MovedFiles\10132012_030821\C_Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe"
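The two ESET logs in this post use two line formats: the older tab-separated one (path, threat name, hash, action flag) and the newer sh=/vn=/fn= key=value one. The reading cosinus gives below, that only the Java-cache hit is still live while the other is already inside OTL's quarantine folder, is exactly the check a parser can automate. As an added example, not ESET's or the thread's own code, the following Python reads both formats, cross-checks the `# found=` header against the detection lines it actually parsed, and splits hits into live paths and paths inside known tool quarantine folders (C:\_OTL\MovedFiles from the log above, plus ComboFix's C:\Qoobox\Quarantine, which I add from knowledge of that tool). The embedded sample is a constructed abridgement of the log in this post; all function and class names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed, abridged copy of the ESET Online Scanner log posted above,
# with both detection-line formats (tab-separated and key=value).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# scanned=384262
# found=3
# cleaned=0
C:\\Users\\User\\AppData\\Local\\Temp\\jar_cache1250724741811364833.tmp\tmultiple threats (unable to clean)\t00000000000000000000000000000000\tI
C:\\Users\\User\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\35\\4224a763-5492f2c0\ta variant of Win32/Kryptik.AMLT trojan (unable to clean)\t00000000000000000000000000000000\tI
C:\\_OTL\\MovedFiles\\10132012_030821\\C_Users\\User\\AppData\\Local\\Microsoft\\Windows\\4481\\SMBHelper.exe\ta variant of Win32/Kryptik.AMLT trojan (unable to clean)\t00000000000000000000000000000000\tI
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# scanned=400247
# found=2
# cleaned=0
sh=912064C5836953CE46528B63528FDEB8955B94F8 ft=1 fh=c8089ee0e0d0138b vn="a variant of Win32/Kryptik.AMLT trojan" ac=I fn="C:\\Users\\User\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\35\\4224a763-5492f2c0"
sh=912064C5836953CE46528B63528FDEB8955B94F8 ft=1 fh=c8089ee0e0d0138b vn="a variant of Win32/Kryptik.AMLT trojan" ac=I fn="C:\\_OTL\\MovedFiles\\10132012_030821\\C_Users\\User\\AppData\\Local\\Microsoft\\Windows\\4481\\SMBHelper.exe"
"""

# Folders where removal tools park files they have already neutralised.
# _OTL\MovedFiles appears in the log above; Qoobox\Quarantine is ComboFix's.
QUARANTINE_MARKERS = ("\\_OTL\\MovedFiles\\", "\\Qoobox\\Quarantine\\")

# Newer format: sh=<sha1> ... vn="<threat>" ... fn="<path>"
KV_LINE = re.compile(r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) .*?vn="(?P<vn>[^"]*)" .*?fn="(?P<fn>[^"]*)"')


@dataclass
class Detection:
    path: str
    threat: str
    sha1: str = ""  # only the key=value format carries a hash


@dataclass
class ScanSection:
    title: str
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text):
    """Split the log into its '... log:' sections and parse headers and hits."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        if line.endswith(" log:"):
            current = ScanSection(title=line[:-len(" log:")])
            sections.append(current)
            continue
        if current is None:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current.meta[key.strip()] = value.strip()
            continue
        m = KV_LINE.match(line)
        if m:
            current.detections.append(Detection(m.group("fn"), m.group("vn"), m.group("sha1").upper()))
            continue
        # Older format: columns separated by tabs (or runs of spaces after copy-paste).
        parts = re.split(r"\t|\s{2,}", line)
        if len(parts) >= 2 and re.match(r"^[A-Za-z]:\\", parts[0]):
            current.detections.append(Detection(parts[0], parts[1]))
    return sections


def triage(sections):
    """Cross-check 'found' against parsed lines; separate live hits from quarantined ones."""
    report = []
    for s in sections:
        live = [d for d in s.detections
                if not any(q.lower() in d.path.lower() for q in QUARANTINE_MARKERS)]
        quarantined = [d for d in s.detections if d not in live]
        found = int(s.meta.get("found", 0))
        report.append({
            "section": s.title,
            "found_header": found,
            "parsed": len(s.detections),
            "consistent": found == len(s.detections),
            "cleaned": int(s.meta.get("cleaned", 0)),
            "live_paths": [d.path for d in live],
            "quarantined_paths": [d.path for d in quarantined],
        })
    return report


if __name__ == "__main__":
    for r in triage(parse_eset_log(SAMPLE_LOG)):
        print(r["section"], "live:", r["live_paths"], "quarantined:", r["quarantined_paths"])
```

A mismatch between `found_header` and `parsed` means the copy-paste mangled a line and the log should be re-posted rather than interpreted; `cleaned=0` with `remove_checked=false` is expected, because the scanner was run in report-only mode.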


cosinus 20.02.2013 00:43

Looks ok so far

Just one more detection in the Java cache; please clear it with TFC:

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to the Desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a reboot. Please allow this.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not pests as such, but there is a risk of them being misused (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other detections or problems?
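The MVPS hosts file recommended above works by mapping advertising and tracking hostnames to 0.0.0.0, so the browser never connects to them; the same file is also a classic tampering target, because an entry that points a security vendor's or a bank's hostname at a foreign address silently redirects the machine. As an added example (not from MVPS or from the thread), the Python below parses a hosts file, lists the blocked names, and flags the two things worth checking after an infection: entries that resolve to anything other than the null or loopback address, and blocklist entries that still use 127.0.0.1 instead of 0.0.0.0 (MVPS switched to 0.0.0.0 so that a blocked request fails immediately instead of being sent to the local loopback). The sample hosts content is constructed with RFC 5737 documentation addresses and .test names; the function names are my own.

```python
import ipaddress

# Constructed sample hosts file: a Windows default header, a few MVPS-style
# blocklist lines, one legacy 127.0.0.1 block entry, two entries of the kind a
# hijack leaves behind (real hostnames redirected to foreign addresses), and a
# malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org  # comment after the entry
0.0.0.0 banner.example.com
127.0.0.1 counter.example.net
203.0.113.7 update.example-av.test
198.51.100.9 login.example-bank.test
this is not a valid line
"""

# Addresses that make a name unreachable rather than redirecting it.
NULL_OR_LOOPBACK = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (entries, errors): entries are (line_no, ip, hostname) triples."""
    entries, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            errors.append((n, raw))
            continue
        if len(parts) < 2:
            errors.append((n, raw))
            continue
        for name in parts[1:]:  # one address may carry several names
            entries.append((n, str(ip), name.lower()))
    return entries, errors


def audit_hosts(text):
    """Classify entries: blocked names, redirected names (hijack suspects), legacy 127.0.0.1 blocks."""
    entries, errors = parse_hosts(text)
    blocked = [name for _, ip, name in entries
               if ip in NULL_OR_LOOPBACK and name != "localhost"]
    redirected = [(ip, name) for _, ip, name in entries if ip not in NULL_OR_LOOPBACK]
    sinkhole_127 = [name for _, ip, name in entries
                    if ip == "127.0.0.1" and name != "localhost"]
    return {
        "blocked": blocked,
        "redirected": redirected,
        "sinkhole_127": sinkhole_127,
        "errors": errors,
    }


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for ip, name in result["redirected"]:
        print("REDIRECTED (check this!):", name, "->", ip)
    for name in result["sinkhole_127"]:
        print("legacy 127.0.0.1 block, consider 0.0.0.0:", name)
```

On a real system the file lives at %SystemRoot%\System32\drivers\etc\hosts; anything in `redirected` that you did not add yourself deserves the same treatment as a malware finding, and an empty `redirected` list after installing the MVPS file is the expected result.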

Bong 20.02.2013 00:44

I'll get to work right away then :daumenhoc

I hadn't uninstalled the ESET scanner right away because of the detections; should I do that before the further steps?

So, TFC deleted 1210 MB of files and didn't need a reboot.

GMER and OSAM were not run.

I still have OTL, tdsskiller, ComboFix, Malwarebytes and adwcleaner on the Desktop. Should I uninstall these via the Control Panel?

I haven't installed a new antivirus yet (the PC is not connected to the internet). Any recommendations?

Thanks for the help! :daumenhoc

cosinus 20.02.2013 17:00

Then we're done! :abklatsch:

The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click on Cleanup (Bereinigung).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview in future of how up to date your installed programs are, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Bong 20.02.2013 17:29

Great, thanks a lot for the help!! :daumenhoc :daumenhoc
I was planning to uninstall Mozilla and switch to Chrome... any objections?
I'll download Avast! right away then...

cosinus 20.02.2013 21:28

It's up to you which browser you want to use. Chrome isn't bad either. It's not my thing, but that's a matter of taste. As long as you always make sure your favourite browser is up to date, it basically doesn't matter which one you use. (unless you use an older Windows like XP and Internet Explorer; on XP you can only use IE up to version 8, and I would NOT use that for surfing)

I don't know how it looks with add-ons (extensions) for Chrome, but I'm afraid not everything I need is available there, whereas it is for Firefox. I mean these add-ons:

NoScript
Adblock+
Clipping
Weatherfox
Forecastfox

Bong 27.02.2013 21:33

For days now I somehow haven't managed to download Java. At first I thought it was a problem on Java's side, but that can't be it either. Every time I click "download", the screen shows
"This webpage is not available
The connection to sdlc-esd.sun.com was interrupted."
and:
"Error 101 (net::ERR_CONNECTION_RESET): The connection was reset."

What's going on there?

cosinus 27.02.2013 21:56

You really are downloading from here => Java SE Downloads

Bong 27.02.2013 21:57

Yes, it doesn't work. None of the three x86 links works.

cosinus 27.02.2013 21:59

Well, I can download everything....

Bong 27.02.2013 22:00

Could it possibly be due to a browser or firewall setting?

Just tried it with IE as well; no chance...

cosinus 27.02.2013 22:19

The problem may also be with your provider
Try the download from another computer over your Internet connection, or boot the computer from a live CD such as Knoppix and try the download there. If it doesn't work there either, the problem isn't with the computer.

Bong 28.02.2013 04:48

So, with my laptop the download worked perfectly. But when I then want to open the file on my tower, I immediately get error messages again, among others "Download File is corrupt"... :confused:

cosinus 28.02.2013 08:35

I also told you about another option you can try

Bong 27.04.2013 01:23

Hello, I've just returned from 2 months in the USA and now want to take care of this download problem.
What's the deal with such a live CD? Where can I get one?

UPDATE! For some mysterious reason (without me touching anything) the download just worked without any problems... :confused:
The Java installation also seems to have worked without problems.
After the installation a small error window came up with the following message: "Network Browser Error: 3"... does that indicate a serious problem, or was the PC just bored and wanted to scare me?


Copyright ©2000-2024, Trojaner-Board