bundespolizei trojaner übereste finden

ferrys · 14.02.2012, 11:07

Hallo,

Ich habe es gestern geschafft mir den "bundespolizei trojaner" einzufangen.
(Welche Version weis ich leider nicht) Ich probierte als 1. den abgesicherten Modus und suchte mir im Netz informationen dazu.
Letztendlich löschte ich 2 Dateien mit Malwarebytes und führte eine systemwiederherstellung durch.
Letztendlich ist mir klar das nur ein Neuaufsetzen des systems absolute sicherheit bringt. Mein Problem ist nun ich arbeite mit diesem Pc und das system Neuaufsetzen würde mich wohl einige Tage kosten.
Meine Frage nun kann ich eventuelle überbleibsel finden, und wie kann ich mich bis zum Neuaufsetzen des systems schützen.

ich benutze eset smart security.

defogger brachte kein ergebniss.
dds bringt nur kurz ein cmd fenster und verschwindet gleich wieder.

Ich hoffe ich habe mich an die Regeln gehalten(wenn nicht bitte darauf hinnweisen)

Lg ferrys

E. dds hat doch noch funktioniert

cosinus · 14.02.2012, 17:32

Zitat:

Letztendlich löschte ich 2 Dateien mit Malwarebytes und führte eine systemwiederherstellung durch.

Ohne die Logs von Malwarebytes wird das hier nichts.

Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

ferrys · 14.02.2012, 18:58

Danke für die superschnelle Hilfe!

So habe nun mit einigem Zeitaufand das alte Log vom berreits wieder deinstallierten Programm gefunden.
Nachträgliche Scans erbrachten keine Ergebnisse.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.13.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
********* :: **********-PC [Administrator]

Schutz: Deaktiviert

13.02.2012 18:40:47
mbam-log-2012-02-13 (18-40-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 182831
Laufzeit: 2 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\FERRYS\AppData\Local\Temp\0.6368159088400085.exe (Trojan.Downloader.lb) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\FERRYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6368159088400085.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 14.02.2012, 21:22

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

ferrys · 16.02.2012, 00:10

Malwarebytes Full Scan keine früheren vorhanden

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ferrys :: FERRYS-PC [Administrator]

Schutz: Aktiviert

15.02.2012 16:32:45
newmbam-log-2012-02-15 (17-49-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407702
Laufzeit: 1 Stunde(n), 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ferrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3224710b-6e742568 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

(Ende)

ESET Online Scanner

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=018489fc10accb4db7a5356f5f48c17a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-15 11:02:02
# local_time=2012-02-16 12:02:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 88087 80950140 0 0
# compatibility_mode=8201 39157117 100 75 79710 34480730 0 0
# scanned=492239
# found=8
# cleaned=0
# scan_time=26632
# nod_component=V3 Build:0x30000000
C:\Users\Ferrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3224710b-6e742568	a variant of Win32/Kryptik.ZTC trojan (unable to clean)	00000000000000000000000000000000	I
H:\Backup2011\usb stick\Backup\vlc-1.1.10-win32.exe	Win32/StartPage.OIE trojan (unable to clean)	00000000000000000000000000000000	I
H:\Backup2011\usb stick\Backup2\vlc-1.1.10-win32.exe	Win32/StartPage.OIE trojan (unable to clean)	00000000000000000000000000000000	I
H:\Real Collection\Programme\Apps\unlocker1.9.0.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I

cosinus · 16.02.2012, 13:22

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ferrys · 16.02.2012, 17:03

OTL LOG

Code:

ATTFilter

OTL Extras logfile created on: 16.02.2012 16:44:57 - Run 1

cosinus · 16.02.2012, 17:29

Die extras brauch ich nicht unbedingt, wichtiger ist die otl.txt

ferrys · 16.02.2012, 17:33

Ich bitte vielmals um Entschuldigung files verwechselt.

Code:

ATTFilter

OTL logfile created on: 16.02.2012 16:44:57 - Run 1
OTL by OldTimer - Version 3.2.32.0     Folder = C:\Users\Ferrys\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,56% Memory free
8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 347,47 Gb Free Space | 74,62% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FERRYS-PC | User Name: Ferrys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ferrys\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
 
 
 
 
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 D4 C6 D6 68 E3 CC 01  [binary data]
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sdx.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.7
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: guillaume.lecanu@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.14 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 13:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.06.20 18:06:05 | 000,000,000 | ---D | M]
 
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Extensions
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.11 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions
[2012.01.18 16:58:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.02.11 10:26:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\foxyproxy@eric.h.jung
[2011.08.30 20:33:57 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Ferrys\AppData\Roaming\mozilla\Firefox\Profiles\a1ltm1yf.default\extensions\netvideohunter@netvideohunter.com
[2011.06.20 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\SABNZBDSTATUS@DQ5STUDIOS.COM.XPI
() (No name found) -- C:\USERS\FERRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A1LTM1YF.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.14 20:07:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.14 20:07:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 20:07:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 20:07:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 20:07:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 20:07:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 20:07:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.16 17:41:13 | 000,000,040 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{307E969D-F398-48F8-A339-852C4FD13F76}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell - "" = AutoRun
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 16:30:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ferrys\Desktop\OTL.exe
[2012.02.14 18:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 18:54:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.14 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 20:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.13 20:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.02.13 18:39:09 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Malwarebytes
[2012.02.13 18:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.12 13:16:23 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\TeknoGods
[2012.02.12 00:11:52 | 000,000,000 | ---D | C] -- C:\Sandbox
[2012.02.12 00:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.02.11 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\VirtualBox VMs
[2012.02.11 23:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\.VirtualBox
[2012.02.07 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2012.02.07 17:26:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2012.02.07 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexicon
[2012.02.06 19:59:54 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\tatoo
[2012.02.06 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\My Games
[2012.02.06 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\FalloutNV
[2012.02.04 10:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.04 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.02.04 10:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.02.04 10:39:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.03 15:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.02.03 14:53:24 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2012.02.03 14:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.02.03 07:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.01.31 18:53:56 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\iZotope
[2012.01.31 18:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\iZotope
[2012.01.30 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Skrillex - More Monsters And Sprites
[2012.01.29 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Documents\FXpansion
[2012.01.29 20:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXpansion
[2012.01.29 20:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FXpansion
[2012.01.29 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2012.01.29 20:13:53 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Backup fl desk download
[2012.01.29 18:00:24 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Party2012
[2012.01.29 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Tony Hawks Complete OST
[2012.01.29 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2012.01.28 12:30:36 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\Funcom
[2012.01.27 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\CrashRpt
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
[2012.01.26 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6
[2012.01.26 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012.01.26 20:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
[2012.01.26 20:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2012.01.26 20:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Camel Audio
[2012.01.26 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\J's Stuff
[2012.01.26 10:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\jBridge
[2012.01.26 10:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Waves Audio
[2012.01.23 17:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
[2012.01.22 12:01:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.01.21 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\AppData\Local\AMD
[2012.01.21 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.01.21 22:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.01.21 22:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.01.21 13:37:23 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Schuhe 40 euro bestellen
[2012.01.21 00:22:59 | 000,000,000 | RH-D | C] -- C:\Users\Ferrys\AppData\Roaming\SecuROM
[2012.01.19 21:11:12 | 000,000,000 | ---D | C] -- C:\Users\Ferrys\Desktop\Cubase ungeordnet
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.16 16:30:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ferrys\Desktop\OTL.exe
[2012.02.16 16:30:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 16:30:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 16:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.16 16:17:48 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.16 06:34:54 | 004,857,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 17:42:24 | 000,274,411 | ---- | M] () -- C:\Users\Ferrys\Desktop\newsound.zip
[2012.02.15 17:28:07 | 000,001,900 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.02.15 16:56:13 | 001,519,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.15 16:56:13 | 000,654,016 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.15 16:56:13 | 000,615,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.15 16:56:13 | 000,129,888 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.15 16:56:13 | 000,106,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.14 19:08:08 | 000,000,000 | ---- | M] () -- C:\Users\Ferrys\defogger_reenable
[2012.02.14 18:54:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.13 19:02:12 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.02.04 14:19:31 | 000,017,726 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120204_141929.reg
[2012.02.03 14:53:27 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.03 14:53:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.26 21:34:26 | 000,030,086 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120126_213423.reg
[2012.01.19 21:20:46 | 000,011,618 | ---- | M] () -- C:\Users\Ferrys\Documents\cc_20120119_212042.reg
[2012.01.19 17:45:28 | 000,286,208 | ---- | M] () -- C:\Windows\SysWow64\Xbinkw32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 17:40:11 | 000,274,411 | ---- | C] () -- C:\Users\Ferrys\Desktop\newsound.zip
[2012.02.14 19:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Ferrys\defogger_reenable
[2012.02.14 18:54:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.13 20:18:01 | 000,001,900 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.13 19:01:58 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.02.04 14:19:30 | 000,017,726 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120204_141929.reg
[2012.02.03 14:53:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.03 14:53:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.26 21:34:25 | 000,030,086 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120126_213423.reg
[2012.01.19 21:20:45 | 000,011,618 | ---- | C] () -- C:\Users\Ferrys\Documents\cc_20120119_212042.reg
[2012.01.19 17:38:58 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\Xbinkw32.dll
[2012.01.13 20:44:25 | 000,000,081 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MPluginConfiguration.xml
[2012.01.13 20:43:15 | 000,005,622 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.01.13 20:01:23 | 000,020,335 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MHarmonizerpresets.xml
[2012.01.13 20:01:23 | 000,017,558 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MModernCompressorpresets.xml
[2012.01.13 20:01:23 | 000,003,597 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MTransientpresets.xml
[2012.01.13 20:01:19 | 000,017,537 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDelaypresets.xml
[2012.01.13 20:01:19 | 000,010,793 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDistortionpresets.xml
[2012.01.13 20:01:19 | 000,004,377 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MChoruspresets.xml
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.25 18:41:22 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.11.25 18:41:06 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.11.25 18:40:55 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.11.21 21:24:23 | 000,036,864 | ---- | C] () -- C:\Windows\Algouinstall.exe
[2011.11.21 21:11:15 | 000,001,547 | ---- | C] () -- C:\Windows\SysWow64\privatedata.dll
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.21 23:24:18 | 000,013,158 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MOscillatorpresets.xml
[2011.10.21 23:24:18 | 000,006,687 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\menvelopepresets.xml
[2011.10.21 23:24:18 | 000,002,820 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2011.10.21 23:24:18 | 000,002,492 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2011.10.21 23:24:18 | 000,001,235 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2011.10.21 23:24:18 | 000,001,011 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MValueToColor5presets.xml
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.07 19:29:06 | 000,007,602 | ---- | C] () -- C:\Users\Ferrys\AppData\Local\Resmon.ResmonCfg
[2011.06.20 17:41:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.09 16:00:00 | 000,667,255 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandRhythmizerpresets.xml
[2010.11.09 16:00:00 | 000,208,881 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandReverbpresets.xml
[2010.11.09 16:00:00 | 000,193,849 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDistortionpresets.xml
[2010.11.09 16:00:00 | 000,191,692 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MAnalyzerpresets.xml
[2010.11.09 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandConvolutionpresets.xml
[2010.11.09 16:00:00 | 000,154,345 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandAutopanpresets.xml
[2010.11.09 16:00:00 | 000,152,555 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandFreqShifterpresets.xml
[2010.11.09 16:00:00 | 000,137,827 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandFlangerpresets.xml
[2010.11.09 16:00:00 | 000,127,297 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFilterpresets.xml
[2010.11.09 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandVibratopresets.xml
[2010.11.09 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandChoruspresets.xml
[2010.11.09 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandPhaserpresets.xml
[2010.11.09 16:00:00 | 000,115,695 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandHarmonizerpresets.xml
[2010.11.09 16:00:00 | 000,091,447 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDelaypresets.xml
[2010.11.09 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandRingModulatorpresets.xml
[2010.11.09 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequencepresets.xml
[2010.11.09 16:00:00 | 000,084,095 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MReverbpresets.xml
[2010.11.09 16:00:00 | 000,081,019 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandTremolopresets.xml
[2010.11.09 16:00:00 | 000,059,052 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandWaveShaperpresets.xml
[2010.11.09 16:00:00 | 000,051,825 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml
[2010.11.09 16:00:00 | 000,042,795 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerpresets.xml
[2010.11.09 16:00:00 | 000,038,763 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandTransientpresets.xml
[2010.11.09 16:00:00 | 000,032,410 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandSaturatorpresets.xml
[2010.11.09 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MSpectralDynamicspresets.xml
[2010.11.09 16:00:00 | 000,024,793 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandDynamicspresets.xml
[2010.11.09 16:00:00 | 000,021,794 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MDynamicspresets.xml
[2010.11.09 16:00:00 | 000,013,964 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFlangerpresets.xml
[2010.11.09 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceSetpresets.xml
[2010.11.09 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreeformEqualizerpresets.xml
[2010.11.09 16:00:00 | 000,010,520 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MMultiBandLimiterpresets.xml
[2010.11.09 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreqShifterpresets.xml
[2010.11.09 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerLinearPhasepresets.xml
[2010.11.09 16:00:00 | 000,007,130 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MEqualizerpresets.xml
[2010.11.09 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MFreeformAnalogEqpresets.xml
[2010.11.09 16:00:00 | 000,006,444 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MCompressorpresets.xml
[2010.11.09 16:00:00 | 000,005,138 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MWaveShaperpresets.xml
[2010.11.09 16:00:00 | 000,005,022 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml
[2010.11.09 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MPhaserpresets.xml
[2010.11.09 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MRingModulatorpresets.xml
[2010.11.09 16:00:00 | 000,003,017 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MStereoProcessorpresets.xml
[2010.11.09 16:00:00 | 000,002,775 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MStereoExpanderpresets.xml
[2010.11.09 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MVibratopresets.xml
[2010.11.09 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MTremolopresets.xml
[2010.11.09 16:00:00 | 000,001,907 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MAutopanpresets.xml
[2010.11.09 16:00:00 | 000,001,381 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MLimiterpresets.xml
[2010.11.09 16:00:00 | 000,000,688 | ---- | C] () -- C:\Users\Ferrys\AppData\Roaming\MUltraMaximizerpresets.xml
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.08.19 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\.minecraft
[2012.01.12 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Ableton
[2011.06.21 11:55:25 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Acronis
[2012.01.22 16:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\AIMP3
[2011.11.20 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ASK Video
[2011.12.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Bioshock2
[2012.01.26 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Celemony Software GmbH
[2011.06.21 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Cytomic
[2012.02.16 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\DAEMON Tools Lite
[2011.07.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Day 1 Studios
[2011.11.24 22:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Drumagog 5
[2011.06.20 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ESET
[2011.06.21 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FabFilter
[2011.08.07 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FreeFLVConverter
[2012.01.29 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2011.06.21 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Image-Line
[2012.01.31 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\iZotope
[2012.02.07 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2011.06.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\LibreOffice
[2012.01.26 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2012.01.19 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction
[2012.01.13 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction IR
[2011.07.29 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MAutoEqualizer
[2011.06.21 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFilter
[2011.07.29 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFreeformAnalogEq
[2011.11.13 00:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandAutopan
[2011.11.25 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandChorus
[2011.06.21 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandConvolution
[2011.07.30 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDelay
[2011.12.28 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDistortion
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamics
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge
[2011.11.25 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFlanger
[2011.06.21 15:28:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFreqShifter
[2011.07.29 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandHarmonizer
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandLimiter
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandPhaser
[2011.07.30 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandReverb
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRhythmizer
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRingModulator
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandSaturator
[2011.11.02 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTransient
[2011.12.07 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTremolo
[2011.06.21 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandVibrato
[2011.11.02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandWaveShaper
[2011.06.21 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MReverb
[2011.12.16 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MRhythmizer
[2011.09.12 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MSpectralDynamicsMini
[2011.09.12 16:29:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MStereoProcessor
[2011.09.12 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MUltraMaximizer
[2011.10.21 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MSPS
[2011.10.21 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MTexturedStyles
[2012.02.16 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\NetSpeedMonitor
[2011.08.28 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\OnLive App
[2011.06.29 07:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Propellerhead Software
[2012.02.03 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2011.06.29 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\RIFT
[2011.08.18 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Rovio
[2012.01.29 12:31:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2011.11.21 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Sonalksis
[2011.06.22 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Steinberg
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Thunderbird
[2011.07.05 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TrueCrypt
[2011.11.21 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TS3Client
[2011.10.11 17:29:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\V-Plugs
[2011.11.25 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\VST3 Presets
[2011.11.13 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Waves Audio
[2012.01.14 13:15:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.19 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\.minecraft
[2012.01.12 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Ableton
[2011.06.21 11:55:25 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Acronis
[2011.11.16 20:37:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Adobe
[2011.06.20 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Adobe-BackupByPhotoshopPortable
[2012.01.22 16:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\AIMP3
[2011.11.17 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Apple Computer
[2011.11.20 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ASK Video
[2011.06.20 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ATI
[2011.12.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Bioshock2
[2012.01.26 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Celemony Software GmbH
[2011.06.21 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Cytomic
[2012.02.16 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\DAEMON Tools Lite
[2011.07.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Day 1 Studios
[2011.11.24 22:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Drumagog 5
[2011.11.25 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\dvdcss
[2011.06.20 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\ESET
[2011.06.21 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FabFilter
[2011.08.07 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FreeFLVConverter
[2012.01.29 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\FXpansion
[2011.06.20 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Identities
[2011.06.21 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Image-Line
[2011.06.20 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\InstallShield
[2012.01.31 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\iZotope
[2012.02.07 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Lexicon PCM Native
[2011.06.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\LibreOffice
[2012.01.26 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Line 6
[2011.06.20 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Macromedia
[2012.02.13 18:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Malwarebytes
[2010.11.21 07:28:37 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Media Center Programs
[2012.01.19 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction
[2012.01.13 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction IR
[2011.07.29 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MAutoEqualizer
[2011.06.21 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFilter
[2011.07.29 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MFreeformAnalogEq
[2011.11.13 00:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandAutopan
[2011.11.25 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandChorus
[2011.06.21 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandConvolution
[2011.07.30 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDelay
[2011.12.28 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDistortion
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamics
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge
[2011.11.25 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFlanger
[2011.06.21 15:28:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandFreqShifter
[2011.07.29 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandHarmonizer
[2011.06.21 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandLimiter
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandPhaser
[2011.07.30 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandReverb
[2011.06.21 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRhythmizer
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandRingModulator
[2011.06.21 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandSaturator
[2011.11.02 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTransient
[2011.12.07 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandTremolo
[2011.06.21 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandVibrato
[2011.11.02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MMultiBandWaveShaper
[2011.06.21 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MReverb
[2011.12.16 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MRhythmizer
[2011.09.12 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MSpectralDynamicsMini
[2011.09.12 16:29:32 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MStereoProcessor
[2011.09.12 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MeldaProduction MUltraMaximizer
[2011.11.09 20:02:31 | 000,000,000 | --SD | M] -- C:\Users\Ferrys\AppData\Roaming\Microsoft
[2011.06.20 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Mozilla
[2011.10.21 23:25:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MSPS
[2011.10.21 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\MTexturedStyles
[2012.02.16 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\NetSpeedMonitor
[2011.08.28 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\OnLive App
[2011.06.29 07:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Propellerhead Software
[2012.02.03 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\PunkBuster
[2011.06.29 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\RIFT
[2011.08.18 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Rovio
[2012.01.29 12:31:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\runic games
[2012.01.21 00:22:59 | 000,000,000 | RH-D | M] -- C:\Users\Ferrys\AppData\Roaming\SecuROM
[2011.11.21 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Sonalksis
[2011.06.22 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Steinberg
[2011.06.20 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Thunderbird
[2011.07.05 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TrueCrypt
[2011.11.21 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\TS3Client
[2011.10.11 17:29:49 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\V-Plugs
[2012.02.13 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\vlc
[2011.11.25 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\VST3 Presets
[2011.11.13 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\Waves Audio
[2011.06.20 18:17:15 | 000,000,000 | ---D | M] -- C:\Users\Ferrys\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.08 00:12:50 | 000,964,584 | ---- | M] () -- C:\Users\Ferrys\AppData\Roaming\Line 6\L6TWXY\Tools\Line 6 Uninstaller.exe
[2011.12.06 14:33:27 | 000,003,128 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
[2011.06.20 22:39:22 | 000,010,134 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.11.23 17:38:29 | 003,123,272 | R--- | M] () -- C:\Users\Ferrys\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 16.02.2012, 20:49

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sdx.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 D4 C6 D6 68 E3 CC 01  [binary data]
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell - "" = AutoRun
O33 - MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ferrys · 17.02.2012, 11:43

Danke für die schnelle Hilfe und Antwort echt ein super Arbeit die ihr hier (in eurer Freizeit?) leistet.

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "sdx.cc Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1635077&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.openintab
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2865681347-1816797090-4087524395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2093fbce-9b5c-11e0-be76-00252292f6a4}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Ferrys
->Temp folder emptied: 8160589 bytes
->Temporary Internet Files folder emptied: 180358 bytes
->Java cache emptied: 748318 bytes
->FireFox cache emptied: 1194023464 bytes
->Flash cache emptied: 717 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20409102 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.167,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.32.0 log created on 02172012_113502

Files\Folders moved on Reboot...
C:\Users\Ferrys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 17.02.2012, 17:52

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

ferrys · 18.02.2012, 11:52

Code:

ATTFilter

11:33:51.0405 4224	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:33:51.0690 4224	============================================================
11:33:51.0690 4224	Current date / time: 2012/02/18 11:33:51.0690
11:33:51.0690 4224	SystemInfo:
11:33:51.0690 4224	
11:33:51.0690 4224	OS Version: 6.1.7601 ServicePack: 1.0
11:33:51.0690 4224	Product type: Workstation
11:33:51.0690 4224	ComputerName: FERRYS-PC
11:33:51.0690 4224	UserName: Ferrys
11:33:51.0690 4224	Windows directory: C:\Windows
11:33:51.0690 4224	System windows directory: C:\Windows
11:33:51.0690 4224	Running under WOW64
11:33:51.0690 4224	Processor architecture: Intel x64
11:33:51.0690 4224	Number of processors: 3
11:33:51.0690 4224	Page size: 0x1000
11:33:51.0690 4224	Boot type: Normal boot
11:33:51.0690 4224	============================================================
11:33:52.0975 4224	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:33:52.0980 4224	Drive \Device\Harddisk1\DR1 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:33:52.0995 4224	\Device\Harddisk0\DR0:
11:33:52.0995 4224	MBR used
11:33:52.0995 4224	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:33:52.0995 4224	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:33:52.0995 4224	\Device\Harddisk1\DR1:
11:33:52.0995 4224	MBR used
11:33:52.0995 4224	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
11:33:53.0040 4224	Initialize success
11:33:53.0040 4224	============================================================
11:34:44.0462 4672	============================================================
11:34:44.0462 4672	Scan started
11:34:44.0462 4672	Mode: Manual; SigCheck; TDLFS; 
11:34:44.0462 4672	============================================================
11:34:44.0867 4672	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:34:44.0997 4672	1394ohci - ok
11:34:45.0032 4672	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:34:45.0042 4672	ACPI - ok
11:34:45.0067 4672	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:34:45.0127 4672	AcpiPmi - ok
11:34:45.0182 4672	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:34:45.0197 4672	adp94xx - ok
11:34:45.0207 4672	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:34:45.0217 4672	adpahci - ok
11:34:45.0227 4672	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:34:45.0232 4672	adpu320 - ok
11:34:45.0272 4672	afcdp           (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
11:34:45.0302 4672	afcdp - ok
11:34:45.0362 4672	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:34:45.0422 4672	AFD - ok
11:34:45.0467 4672	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:34:45.0472 4672	agp440 - ok
11:34:45.0492 4672	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:34:45.0497 4672	aliide - ok
11:34:45.0532 4672	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:34:45.0537 4672	amdide - ok
11:34:45.0572 4672	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:34:45.0577 4672	amdiox64 - ok
11:34:45.0597 4672	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:34:45.0627 4672	AmdK8 - ok
11:34:45.0802 4672	amdkmdag        (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
11:34:46.0052 4672	amdkmdag - ok
11:34:46.0132 4672	amdkmdap        (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:34:46.0147 4672	amdkmdap - ok
11:34:46.0187 4672	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:34:46.0217 4672	AmdPPM - ok
11:34:46.0257 4672	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:34:46.0262 4672	amdsata - ok
11:34:46.0297 4672	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:34:46.0307 4672	amdsbs - ok
11:34:46.0322 4672	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:34:46.0327 4672	amdxata - ok
11:34:46.0397 4672	AODDriver4.01   (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:34:46.0402 4672	AODDriver4.01 - ok
11:34:46.0447 4672	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:34:46.0582 4672	AppID - ok
11:34:46.0612 4672	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:34:46.0617 4672	arc - ok
11:34:46.0627 4672	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:34:46.0632 4672	arcsas - ok
11:34:46.0657 4672	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:34:46.0762 4672	AsyncMac - ok
11:34:46.0777 4672	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:34:46.0787 4672	atapi - ok
11:34:46.0837 4672	AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
11:34:46.0842 4672	AtiHDAudioService - ok
11:34:46.0872 4672	AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
11:34:46.0912 4672	AtiHdmiService - ok
11:34:46.0937 4672	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:34:46.0942 4672	AtiPcie - ok
11:34:46.0992 4672	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:34:47.0042 4672	b06bdrv - ok
11:34:47.0067 4672	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:34:47.0097 4672	b57nd60a - ok
11:34:47.0127 4672	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:34:47.0167 4672	Beep - ok
11:34:47.0217 4672	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:34:47.0242 4672	blbdrive - ok
11:34:47.0262 4672	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:34:47.0327 4672	bowser - ok
11:34:47.0352 4672	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:34:47.0382 4672	BrFiltLo - ok
11:34:47.0387 4672	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:34:47.0402 4672	BrFiltUp - ok
11:34:47.0417 4672	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:34:47.0467 4672	Brserid - ok
11:34:47.0472 4672	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:34:47.0512 4672	BrSerWdm - ok
11:34:47.0517 4672	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:34:47.0552 4672	BrUsbMdm - ok
11:34:47.0562 4672	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:34:47.0582 4672	BrUsbSer - ok
11:34:47.0602 4672	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:34:47.0627 4672	BTHMODEM - ok
11:34:47.0652 4672	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:34:47.0697 4672	cdfs - ok
11:34:47.0732 4672	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:34:47.0757 4672	cdrom - ok
11:34:47.0797 4672	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:34:47.0817 4672	circlass - ok
11:34:47.0847 4672	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:34:47.0862 4672	CLFS - ok
11:34:47.0937 4672	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:34:47.0957 4672	CmBatt - ok
11:34:47.0962 4672	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:34:47.0972 4672	cmdide - ok
11:34:48.0012 4672	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:34:48.0027 4672	CNG - ok
11:34:48.0057 4672	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:34:48.0062 4672	Compbatt - ok
11:34:48.0087 4672	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:34:48.0112 4672	CompositeBus - ok
11:34:48.0147 4672	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:34:48.0152 4672	crcdisk - ok
11:34:48.0192 4672	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:34:48.0252 4672	CSC - ok
11:34:48.0272 4672	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:34:48.0312 4672	DfsC - ok
11:34:48.0332 4672	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:34:48.0377 4672	discache - ok
11:34:48.0417 4672	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:34:48.0422 4672	Disk - ok
11:34:48.0452 4672	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:34:48.0507 4672	dmvsc - ok
11:34:48.0542 4672	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:34:48.0567 4672	drmkaud - ok
11:34:48.0597 4672	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:34:48.0607 4672	dtsoftbus01 - ok
11:34:48.0642 4672	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:34:48.0667 4672	DXGKrnl - ok
11:34:48.0697 4672	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:34:48.0722 4672	E1G60 - ok
11:34:48.0767 4672	eamonm          (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
11:34:48.0772 4672	eamonm - ok
11:34:48.0832 4672	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:34:48.0917 4672	ebdrv - ok
11:34:48.0942 4672	ehdrv           (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
11:34:48.0947 4672	ehdrv - ok
11:34:48.0992 4672	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:34:49.0007 4672	elxstor - ok
11:34:49.0032 4672	epfw            (443805b5b11c859ac8ca35297648ff0c) C:\Windows\system32\DRIVERS\epfw.sys
11:34:49.0042 4672	epfw - ok
11:34:49.0057 4672	Epfwndis        (66e61bc6c9f519a99275eb0f0e530bf4) C:\Windows\system32\DRIVERS\Epfwndis.sys
11:34:49.0062 4672	Epfwndis - ok
11:34:49.0097 4672	epfwwfp         (f72c97f3d34ea5ec919c73e3901266bb) C:\Windows\system32\DRIVERS\epfwwfp.sys
11:34:49.0102 4672	epfwwfp - ok
11:34:49.0107 4672	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:34:49.0137 4672	ErrDev - ok
11:34:49.0172 4672	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:34:49.0197 4672	exfat - ok
11:34:49.0207 4672	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:34:49.0247 4672	fastfat - ok
11:34:49.0267 4672	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:34:49.0297 4672	fdc - ok
11:34:49.0327 4672	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:34:49.0332 4672	FileInfo - ok
11:34:49.0347 4672	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:34:49.0392 4672	Filetrace - ok
11:34:49.0407 4672	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:34:49.0417 4672	flpydisk - ok
11:34:49.0452 4672	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:34:49.0462 4672	FltMgr - ok
11:34:49.0472 4672	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:34:49.0482 4672	FsDepends - ok
11:34:49.0492 4672	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:34:49.0502 4672	Fs_Rec - ok
11:34:49.0537 4672	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:34:49.0552 4672	fvevol - ok
11:34:49.0582 4672	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:34:49.0587 4672	gagp30kx - ok
11:34:49.0607 4672	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:34:49.0657 4672	hcw85cir - ok
11:34:49.0697 4672	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:34:49.0727 4672	HdAudAddService - ok
11:34:49.0757 4672	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:34:49.0782 4672	HDAudBus - ok
11:34:49.0797 4672	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:34:49.0822 4672	HidBatt - ok
11:34:49.0832 4672	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:34:49.0862 4672	HidBth - ok
11:34:49.0867 4672	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:34:49.0882 4672	HidIr - ok
11:34:49.0922 4672	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:34:49.0947 4672	HidUsb - ok
11:34:49.0972 4672	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:34:49.0977 4672	HpSAMD - ok
11:34:49.0997 4672	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:34:50.0057 4672	HTTP - ok
11:34:50.0077 4672	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:34:50.0082 4672	hwpolicy - ok
11:34:50.0097 4672	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:34:50.0112 4672	i8042prt - ok
11:34:50.0142 4672	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:34:50.0157 4672	iaStorV - ok
11:34:50.0202 4672	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:34:50.0207 4672	iirsp - ok
11:34:50.0277 4672	IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
11:34:50.0332 4672	IntcAzAudAddService - ok
11:34:50.0337 4672	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:34:50.0347 4672	intelide - ok
11:34:50.0362 4672	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:34:50.0387 4672	intelppm - ok
11:34:50.0392 4672	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:34:50.0417 4672	IpFilterDriver - ok
11:34:50.0427 4672	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:34:50.0442 4672	IPMIDRV - ok
11:34:50.0447 4672	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:34:50.0482 4672	IPNAT - ok
11:34:50.0507 4672	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:34:50.0572 4672	IRENUM - ok
11:34:50.0577 4672	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:34:50.0582 4672	isapnp - ok
11:34:50.0597 4672	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:34:50.0612 4672	iScsiPrt - ok
11:34:50.0637 4672	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:34:50.0647 4672	kbdclass - ok
11:34:50.0677 4672	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:34:50.0707 4672	kbdhid - ok
11:34:50.0732 4672	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:34:50.0742 4672	KSecDD - ok
11:34:50.0757 4672	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:34:50.0767 4672	KSecPkg - ok
11:34:50.0777 4672	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:34:50.0817 4672	ksthunk - ok
11:34:50.0862 4672	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:34:50.0907 4672	lltdio - ok
11:34:50.0937 4672	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:34:50.0942 4672	LSI_FC - ok
11:34:50.0952 4672	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:34:50.0957 4672	LSI_SAS - ok
11:34:50.0962 4672	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:34:50.0972 4672	LSI_SAS2 - ok
11:34:50.0977 4672	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:34:50.0987 4672	LSI_SCSI - ok
11:34:51.0022 4672	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:34:51.0062 4672	luafv - ok
11:34:51.0117 4672	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:34:51.0122 4672	MBAMProtector - ok
11:34:51.0142 4672	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:34:51.0147 4672	megasas - ok
11:34:51.0167 4672	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:34:51.0182 4672	MegaSR - ok
11:34:51.0197 4672	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:34:51.0237 4672	Modem - ok
11:34:51.0262 4672	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:34:51.0292 4672	monitor - ok
11:34:51.0322 4672	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:34:51.0327 4672	mouclass - ok
11:34:51.0337 4672	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:34:51.0347 4672	mouhid - ok
11:34:51.0357 4672	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:34:51.0367 4672	mountmgr - ok
11:34:51.0387 4672	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:34:51.0392 4672	mpio - ok
11:34:51.0407 4672	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:34:51.0447 4672	mpsdrv - ok
11:34:51.0457 4672	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:34:51.0482 4672	MRxDAV - ok
11:34:51.0512 4672	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:34:51.0582 4672	mrxsmb - ok
11:34:51.0612 4672	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:34:51.0622 4672	mrxsmb10 - ok
11:34:51.0632 4672	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:34:51.0642 4672	mrxsmb20 - ok
11:34:51.0677 4672	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:34:51.0682 4672	msahci - ok
11:34:51.0687 4672	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:34:51.0697 4672	msdsm - ok
11:34:51.0732 4672	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:34:51.0772 4672	Msfs - ok
11:34:51.0787 4672	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:34:51.0827 4672	mshidkmdf - ok
11:34:51.0852 4672	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:34:51.0857 4672	msisadrv - ok
11:34:51.0892 4672	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:34:51.0932 4672	MSKSSRV - ok
11:34:51.0952 4672	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:34:51.0992 4672	MSPCLOCK - ok
11:34:52.0007 4672	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:34:52.0057 4672	MSPQM - ok
11:34:52.0082 4672	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:34:52.0092 4672	MsRPC - ok
11:34:52.0107 4672	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:34:52.0112 4672	mssmbios - ok
11:34:52.0147 4672	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:34:52.0187 4672	MSTEE - ok
11:34:52.0192 4672	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:34:52.0212 4672	MTConfig - ok
11:34:52.0227 4672	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:34:52.0237 4672	Mup - ok
11:34:52.0277 4672	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:34:52.0312 4672	NativeWifiP - ok
11:34:52.0357 4672	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:34:52.0382 4672	NDIS - ok
11:34:52.0422 4672	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:34:52.0447 4672	NdisCap - ok
11:34:52.0472 4672	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:34:52.0512 4672	NdisTapi - ok
11:34:52.0542 4672	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:52.0582 4672	Ndisuio - ok
11:34:52.0607 4672	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:52.0647 4672	NdisWan - ok
11:34:52.0667 4672	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:34:52.0702 4672	NDProxy - ok
11:34:52.0737 4672	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:34:52.0772 4672	NetBIOS - ok
11:34:52.0797 4672	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:34:52.0822 4672	NetBT - ok
11:34:52.0862 4672	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:34:52.0867 4672	nfrd960 - ok
11:34:52.0897 4672	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:34:52.0937 4672	Npfs - ok
11:34:52.0962 4672	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:34:52.0997 4672	nsiproxy - ok
11:34:53.0052 4672	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:34:53.0092 4672	Ntfs - ok
11:34:53.0107 4672	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:34:53.0152 4672	Null - ok
11:34:53.0187 4672	nusb3hub        (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:34:53.0227 4672	nusb3hub - ok
11:34:53.0262 4672	nusb3xhc        (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:34:53.0287 4672	nusb3xhc - ok
11:34:53.0327 4672	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:34:53.0332 4672	nvraid - ok
11:34:53.0357 4672	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:34:53.0367 4672	nvstor - ok
11:34:53.0407 4672	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:34:53.0417 4672	nv_agp - ok
11:34:53.0422 4672	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:34:53.0447 4672	ohci1394 - ok
11:34:53.0472 4672	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:34:53.0497 4672	Parport - ok
11:34:53.0517 4672	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:34:53.0527 4672	partmgr - ok
11:34:53.0537 4672	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:34:53.0547 4672	pci - ok
11:34:53.0562 4672	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:34:53.0572 4672	pciide - ok
11:34:53.0592 4672	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:34:53.0602 4672	pcmcia - ok
11:34:53.0617 4672	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:34:53.0622 4672	pcw - ok
11:34:53.0652 4672	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:34:53.0702 4672	PEAUTH - ok
11:34:53.0777 4672	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:34:53.0817 4672	PptpMiniport - ok
11:34:53.0837 4672	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:34:53.0862 4672	Processor - ok
11:34:53.0897 4672	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:34:53.0937 4672	Psched - ok
11:34:53.0972 4672	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:34:54.0012 4672	ql2300 - ok
11:34:54.0022 4672	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:34:54.0027 4672	ql40xx - ok
11:34:54.0047 4672	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:34:54.0072 4672	QWAVEdrv - ok
11:34:54.0082 4672	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:34:54.0107 4672	RasAcd - ok
11:34:54.0152 4672	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:34:54.0177 4672	RasAgileVpn - ok
11:34:54.0192 4672	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:54.0232 4672	Rasl2tp - ok
11:34:54.0257 4672	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:54.0292 4672	RasPppoe - ok
11:34:54.0317 4672	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:34:54.0362 4672	RasSstp - ok
11:34:54.0387 4672	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:34:54.0422 4672	rdbss - ok
11:34:54.0442 4672	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:34:54.0457 4672	rdpbus - ok
11:34:54.0467 4672	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:54.0492 4672	RDPCDD - ok
11:34:54.0517 4672	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:34:54.0572 4672	RDPDR - ok
11:34:54.0582 4672	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:34:54.0622 4672	RDPENCDD - ok
11:34:54.0647 4672	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:34:54.0677 4672	RDPREFMP - ok
11:34:54.0682 4672	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:34:54.0742 4672	RdpVideoMiniport - ok
11:34:54.0752 4672	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:34:54.0777 4672	RDPWD - ok
11:34:54.0802 4672	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:34:54.0812 4672	rdyboost - ok
11:34:54.0867 4672	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:34:54.0912 4672	rspndr - ok
11:34:54.0947 4672	RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:34:54.0957 4672	RTL8167 - ok
11:34:54.0972 4672	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:34:54.0992 4672	s3cap - ok
11:34:55.0117 4672	SbieDrv         (554cb4c2e076cc0960d9e5590e4c7fa5) C:\Program Files\Sandboxie\SbieDrv.sys
11:34:55.0127 4672	SbieDrv - ok
11:34:55.0247 4672	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:34:55.0257 4672	sbp2port - ok
11:34:55.0282 4672	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:34:55.0317 4672	scfilter - ok
11:34:55.0347 4672	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:34:55.0387 4672	secdrv - ok
11:34:55.0427 4672	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:34:55.0447 4672	Serenum - ok
11:34:55.0482 4672	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:34:55.0507 4672	Serial - ok
11:34:55.0552 4672	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:34:55.0577 4672	sermouse - ok
11:34:55.0592 4672	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:34:55.0602 4672	sffdisk - ok
11:34:55.0607 4672	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:34:55.0627 4672	sffp_mmc - ok
11:34:55.0632 4672	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:34:55.0647 4672	sffp_sd - ok
11:34:55.0652 4672	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:34:55.0662 4672	sfloppy - ok
11:34:55.0672 4672	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:34:55.0682 4672	SiSRaid2 - ok
11:34:55.0687 4672	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:34:55.0697 4672	SiSRaid4 - ok
11:34:55.0702 4672	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:34:55.0732 4672	Smb - ok
11:34:55.0782 4672	snapman         (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
11:34:55.0792 4672	snapman - ok
11:34:55.0807 4672	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:34:55.0817 4672	spldr - ok
11:34:55.0852 4672	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:34:55.0902 4672	srv - ok
11:34:55.0922 4672	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:34:55.0947 4672	srv2 - ok
11:34:55.0967 4672	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:34:55.0992 4672	srvnet - ok
11:34:56.0032 4672	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:34:56.0037 4672	stexstor - ok
11:34:56.0072 4672	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:34:56.0082 4672	storflt - ok
11:34:56.0092 4672	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:34:56.0097 4672	storvsc - ok
11:34:56.0107 4672	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:34:56.0117 4672	swenum - ok
11:34:56.0127 4672	Synth3dVsc      (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys
11:34:56.0132 4672	Synth3dVsc - ok
11:34:56.0192 4672	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:34:56.0237 4672	Tcpip - ok
11:34:56.0257 4672	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:34:56.0282 4672	TCPIP6 - ok
11:34:56.0297 4672	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:34:56.0342 4672	tcpipreg - ok
11:34:56.0362 4672	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:34:56.0402 4672	TDPIPE - ok
11:34:56.0442 4672	tdrpman273      (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
11:34:56.0472 4672	tdrpman273 - ok
11:34:56.0482 4672	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:34:56.0507 4672	TDTCP - ok
11:34:56.0592 4672	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:34:56.0627 4672	tdx - ok
11:34:56.0697 4672	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:34:56.0742 4672	TermDD - ok
11:34:56.0777 4672	terminpt        (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
11:34:56.0807 4672	terminpt - ok
11:34:56.0852 4672	timounter       (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
11:34:56.0867 4672	timounter - ok
11:34:56.0912 4672	Tpkd            (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
11:34:56.0922 4672	Tpkd - ok
11:34:56.0962 4672	truecrypt       (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
11:34:56.0972 4672	truecrypt - ok
11:34:56.0997 4672	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:34:57.0037 4672	tssecsrv - ok
11:34:57.0062 4672	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:34:57.0117 4672	TsUsbFlt - ok
11:34:57.0122 4672	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:34:57.0132 4672	TsUsbGD - ok
11:34:57.0137 4672	tsusbhub        (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
11:34:57.0162 4672	tsusbhub - ok
11:34:57.0197 4672	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:34:57.0232 4672	tunnel - ok
11:34:57.0257 4672	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:34:57.0267 4672	uagp35 - ok
11:34:57.0287 4672	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:34:57.0327 4672	udfs - ok
11:34:57.0347 4672	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:34:57.0357 4672	uliagpkx - ok
11:34:57.0382 4672	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:34:57.0407 4672	umbus - ok
11:34:57.0412 4672	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:34:57.0447 4672	UmPass - ok
11:34:57.0502 4672	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:34:57.0522 4672	usbaudio - ok
11:34:57.0557 4672	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:34:57.0597 4672	usbccgp - ok
11:34:57.0642 4672	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:34:57.0672 4672	usbcir - ok
11:34:57.0702 4672	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:34:57.0732 4672	usbehci - ok
11:34:57.0752 4672	usbfilter       (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
11:34:57.0762 4672	usbfilter - ok
11:34:57.0797 4672	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:34:57.0827 4672	usbhub - ok
11:34:57.0857 4672	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:34:57.0882 4672	usbohci - ok
11:34:57.0907 4672	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
11:34:57.0932 4672	usbprint - ok
11:34:57.0962 4672	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:34:58.0012 4672	USBSTOR - ok
11:34:58.0032 4672	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:34:58.0052 4672	usbuhci - ok
11:34:58.0092 4672	VBoxNetAdp      (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:34:58.0102 4672	VBoxNetAdp - ok
11:34:58.0132 4672	VBoxNetFlt - ok
11:34:58.0162 4672	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:34:58.0172 4672	vdrvroot - ok
11:34:58.0187 4672	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:34:58.0197 4672	vga - ok
11:34:58.0212 4672	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:34:58.0252 4672	VgaSave - ok
11:34:58.0262 4672	VGPU - ok
11:34:58.0267 4672	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:34:58.0277 4672	vhdmp - ok
11:34:58.0287 4672	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:34:58.0292 4672	viaide - ok
11:34:58.0317 4672	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:34:58.0327 4672	vmbus - ok
11:34:58.0332 4672	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:34:58.0357 4672	VMBusHID - ok
11:34:58.0482 4672	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:34:58.0487 4672	volmgr - ok
11:34:58.0507 4672	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:34:58.0517 4672	volmgrx - ok
11:34:58.0537 4672	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:34:58.0547 4672	volsnap - ok
11:34:58.0582 4672	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:34:58.0587 4672	vsmraid - ok
11:34:58.0602 4672	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:34:58.0632 4672	vwifibus - ok
11:34:58.0642 4672	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:34:58.0657 4672	WacomPen - ok
11:34:58.0692 4672	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:58.0732 4672	WANARP - ok
11:34:58.0747 4672	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:58.0772 4672	Wanarpv6 - ok
11:34:58.0787 4672	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:34:58.0797 4672	Wd - ok
11:34:58.0817 4672	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:34:58.0832 4672	Wdf01000 - ok
11:34:58.0862 4672	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:34:58.0887 4672	WfpLwf - ok
11:34:58.0892 4672	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:34:58.0902 4672	WIMMount - ok
11:34:58.0947 4672	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:34:58.0977 4672	WinUsb - ok
11:34:59.0012 4672	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:34:59.0022 4672	WmiAcpi - ok
11:34:59.0047 4672	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:34:59.0072 4672	ws2ifsl - ok
11:34:59.0092 4672	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:34:59.0137 4672	WudfPf - ok
11:34:59.0182 4672	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:34:59.0222 4672	WUDFRd - ok
11:34:59.0252 4672	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:34:59.0372 4672	\Device\Harddisk0\DR0 - ok
11:34:59.0377 4672	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:34:59.0522 4672	\Device\Harddisk1\DR1 - ok
11:34:59.0522 4672	Boot (0x1200)   (32d787a4f9db3978e5f1421f58294338) \Device\Harddisk0\DR0\Partition0
11:34:59.0522 4672	\Device\Harddisk0\DR0\Partition0 - ok
11:34:59.0537 4672	Boot (0x1200)   (22725173e5a2c10487aa2259a0562847) \Device\Harddisk0\DR0\Partition1
11:34:59.0542 4672	\Device\Harddisk0\DR0\Partition1 - ok
11:34:59.0542 4672	Boot (0x1200)   (5ecc7fe5a62ac51516e47c39f0025fba) \Device\Harddisk1\DR1\Partition0
11:34:59.0547 4672	\Device\Harddisk1\DR1\Partition0 - ok
11:34:59.0547 4672	============================================================
11:34:59.0547 4672	Scan finished
11:34:59.0547 4672	============================================================
11:34:59.0557 3840	Detected object count: 0
11:34:59.0557 3840	Actual detected object count: 0

cosinus · 19.02.2012, 18:30

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ferrys · 21.02.2012, 14:14

Sorry das es diesmal etwas länger gedauert hat, hatte viel um die Ohren.

Code:

ATTFilter

ComboFix 12-02-19.02 - Ferrys 21.02.2012  13:46:35.1.3 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.4095.2613 [GMT 1:00]
ausgeführt von:: c:\users\Ferrys\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ferrys\AppData\Roaming\RIFT
c:\users\Ferrys\AppData\Roaming\RIFT\rift.cfg
H:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-21 bis 2012-02-21  ))))))))))))))))))))))))))))))
.
.
2012-02-21 12:52 . 2012-02-21 12:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-21 12:24 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23F0FA33-B690-4D9F-9928-62C604C1CC2F}\mpengine.dll
2012-02-17 10:35 . 2012-02-17 10:35	--------	d-----w-	C:\_OTL
2012-02-16 16:15 . 2012-02-16 16:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-02-15 15:42 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 15:42 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-15 15:42 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 15:42 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-15 15:42 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 15:41 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 15:41 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-15 15:41 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-14 17:54 . 2012-02-14 17:54	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-14 17:54 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 19:35 . 2012-02-13 19:34	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-13 19:34 . 2012-02-13 19:34	--------	d-----w-	c:\program files\Java
2012-02-13 17:39 . 2012-02-13 17:39	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\Malwarebytes
2012-02-13 17:39 . 2012-02-13 17:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-11 23:11 . 2012-02-11 23:11	--------	d-----w-	C:\Sandbox
2012-02-11 23:07 . 2012-02-13 19:17	--------	d-----w-	c:\program files\Sandboxie
2012-02-11 22:48 . 2012-02-11 23:03	--------	d-----w-	c:\users\Ferrys\VirtualBox VMs
2012-02-11 22:47 . 2012-02-11 23:03	--------	d-----w-	c:\users\Ferrys\.VirtualBox
2012-02-11 22:45 . 2011-12-19 12:45	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-02-11 22:45 . 2011-12-19 12:45	130864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-02-07 16:27 . 2012-02-07 16:27	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\Lexicon PCM Native
2012-02-07 16:26 . 2012-02-07 16:26	--------	dc-h--w-	c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
2012-02-06 16:19 . 2012-02-06 16:19	--------	d-----w-	c:\users\Ferrys\AppData\Local\FalloutNV
2012-02-04 09:45 . 2012-02-04 09:45	--------	d-----w-	c:\programdata\ATI
2012-02-04 09:45 . 2012-02-04 09:45	--------	d-----w-	c:\program files (x86)\AMD APP
2012-02-04 09:39 . 2012-02-04 09:39	--------	d-----w-	C:\AMD
2012-02-03 14:20 . 2012-02-03 14:25	--------	d-----w-	c:\programdata\Ubisoft
2012-02-03 13:53 . 2012-02-03 13:53	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-02-03 13:53 . 2012-02-03 13:53	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-02-03 13:53 . 2012-02-03 13:53	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\PunkBuster
2012-02-03 13:43 . 2012-02-03 13:52	--------	d-----w-	c:\program files (x86)\Ubisoft
2012-02-03 06:02 . 2012-02-03 06:21	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-01-31 17:53 . 2012-01-31 17:53	--------	d-----w-	c:\programdata\iZotope
2012-01-29 19:21 . 2012-01-29 19:21	--------	d-----w-	c:\program files (x86)\FXpansion
2012-01-29 19:21 . 2012-01-29 19:25	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\FXpansion
2012-01-29 11:31 . 2012-01-29 11:31	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\runic games
2012-01-28 11:30 . 2012-01-28 11:30	--------	d-----w-	c:\users\Ferrys\AppData\Local\Funcom
2012-01-27 22:00 . 2012-01-27 22:00	--------	d-----w-	c:\users\Ferrys\AppData\Local\CrashRpt
2012-01-26 19:48 . 2012-01-26 19:51	--------	d-----w-	c:\users\Ferrys\AppData\Roaming\Line 6
2012-01-26 19:48 . 2012-01-26 19:48	--------	d-----w-	c:\programdata\Line 6
2012-01-26 19:48 . 2012-01-26 19:48	--------	d-----w-	c:\program files\Common Files\Propellerhead Software
2012-01-26 19:26 . 2012-01-26 19:29	--------	d-----w-	c:\programdata\Camel Audio
2012-01-26 09:42 . 2012-01-26 09:42	--------	d-----w-	c:\program files\jBridge
2012-01-26 09:20 . 2012-01-26 09:20	--------	d-----w-	c:\programdata\Waves Audio
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 16:30 . 2011-06-20 16:58	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-16 16:15 . 2011-06-20 16:54	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-01-29 04:10 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-19 16:45 . 2012-01-19 16:38	286208	----a-w-	c:\windows\SysWow64\Xbinkw32.dll
2012-01-02 15:26 . 2012-01-02 17:06	258352	----a-w-	c:\windows\SysWow64\unicows.dll
2011-12-19 12:45 . 2011-12-19 12:45	146736	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-06 03:45 . 2011-12-06 03:45	10720256	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18	25371136	----a-w-	c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17	778752	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2009-12-11 07:34	933888	----a-w-	c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12	494080	----a-w-	c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11	235520	----a-w-	c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10	360448	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06	6159872	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56	19125760	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-12-11 07:31	7520768	----a-w-	c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39	4072960	----a-w-	c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34	13738496	----a-w-	c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33	5919232	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29	11484672	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28	4206592	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24	7511040	----a-w-	c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-06-20 16:39	58880	----a-w-	c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13	509952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	356352	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	14336	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	14336	----a-w-	c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12	327168	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2009-12-11 06:50	42496	----a-w-	c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11	33280	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11	39936	----a-w-	c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11	29696	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04	69632	----a-w-	c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04	59904	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03	61952	----a-w-	c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03	54784	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03	17580544	----a-w-	c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03	14499328	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-11-25 17:41 . 2011-11-25 17:41	2892	----a-w-	c:\windows\SysWow64\audcon.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-21 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"combofix"="c:\combofix\CF14751.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ferrys\AppData\Roaming\Mozilla\Firefox\Profiles\a1ltm1yf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6} - c:\programdata\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.exe
AddRemove-{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F} - c:\programdata\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}\Maschine Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-21  14:07:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-21 13:07
.
Vor Suchlauf: 12 Verzeichnis(se), 377.975.558.144 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 377.459.965.952 Bytes frei
.
- - End Of File - - 887C5F8879551483EFDB804FE1921F87

16.02.2012, 17:29	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	bundespolizei trojaner übereste finden Die extras brauch ich nicht unbedingt, wichtiger ist die otl.txt __________________ Logfiles bitte immer in CODE-Tags posten

bundespolizei trojaner übereste finden

Plagegeister aller Art und deren Bekämpfung: bundespolizei trojaner übereste finden