Log analysis and evaluation: Windows Delayed write failed | ESET-LOG | Malwarebytes-LOG (Windows 7)
19.03.2012, 16:13 | #1

Windows Delayed write failed | ESET-LOG | Malwarebytes-LOG

Hello dear virus hunters,

I have a problem with the "Windows - Delayed Write Failed" error messages. The symptoms: black desktop, countless error messages, the Start menu is empty. I have already created the following logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: ADMIN-PC [administrator]

Protection: Enabled

18.03.2012 23:52:41
mbam-log-2012-03-18 (23-52-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400611
Time elapsed: 29 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a809d6ca81a5b4b8a5290b02365f31a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-19 06:04:05
# local_time=2012-03-19 07:04:05 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 4285 83743147 0 0
# compatibility_mode=8192 67108863 100 0 3714 3714 0 0
# scanned=205449
# found=1
# cleaned=0
# scan_time=23747
${Memory}    multiple threats    00000000000000000000000000000000    I
ESETSmartInstaller@High as downloader log:
all ok

Best regards
Tobias

Hi, unfortunately I have not been able to solve the problem on my own yet. I have now also created an OTL log. I hope someone can help me:

OTL
Code:
OTL logfile created on: 20.03.2012 08:27:02 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,92 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,77% Memory free
15,84 Gb Paging File | 13,94 Gb Available in Paging File | 88,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,63 Gb Total Space | 8,23 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 828,05 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
Drive E: | 1,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 111,76 Gb Total Space | 23,15 Gb Free Space | 20,72% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

========== Modules (No Company Name) ==========

MOD - [2012.02.17 22:51:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5b253e1301f52ac71695d2aeb390ef4\IAStorUtil.ni.dll
MOD - [2012.02.17 10:10:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.17 10:10:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 10:10:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.17 10:09:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.17 10:09:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.17 10:09:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 10:09:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.17 10:09:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2011.11.23 14:22:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2011.11.07 15:21:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.03.16 07:25:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.09 12:40:05 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.01 19:15:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.20 08:19:07 | 000,048,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mqzkqxqz.sys -- (mqzkqxqz)
DRV:64bit: - [2012.02.16 20:52:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.10.15 11:48:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.26 03:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 14:03:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 02:03:16 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.03 22:39:49 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 02:03:16 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions
[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (Evernote Web Clipper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.01.08 14:03:25 | 000,000,000 | -H-D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S6CDB.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE39E68-CA98-4B56-9A4F-29D18492CB03}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.10 23:16:15 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group 
SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack 
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.20 08:24:18 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe [2012.03.19 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.19 00:26:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe [2012.03.19 00:17:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.03.18 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.18 23:49:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.16 07:53:57 | 000,000,000 | -H-D | C] -- C:\Users\admin\Desktop\Katis Stick [2012.03.13 21:03:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\ALM [2012.03.13 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2012.03.13 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.03.13 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.03.13 
20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5 [2012.03.11 18:29:10 | 000,000,000 | -H-D | C] -- C:\Users\admin\Desktop\Impfpass [2012.03.11 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.03.11 17:37:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\EPSON [2012.03.08 22:31:12 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.08 17:09:28 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\GMX [2012.03.08 17:09:27 | 000,135,168 | ---- | C] (GMX GmbH) -- C:\Windows\SysNative\UIGMXMON.DLL [2012.03.08 17:09:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\GMX [2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX [2012.03.01 20:48:24 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.01 20:48:17 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client ========== Files - Modified Within 30 Days ========== [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe [2012.03.20 07:58:25 | 000,013,694 | ---- | M] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk [2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy [2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr [2012.03.20 07:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.19 06:53:22 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 06:53:22 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.19 00:25:55 | 002,322,184 | ---- | M] (ESET) -- 
C:\Users\admin\Desktop\esetsmartinstaller_enu.exe [2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy [2012.03.18 23:49:39 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.18 23:12:55 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.18 23:12:55 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.18 23:12:55 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.18 23:12:55 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.18 23:12:55 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.18 23:06:24 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job [2012.03.18 23:05:54 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys [2012.03.15 17:22:02 | 000,584,757 | -H-- | M] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg [2012.03.15 17:19:58 | 000,684,374 | -H-- | M] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg [2012.03.15 16:45:43 | 005,113,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.13 22:34:51 | 000,001,256 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk [2012.03.13 22:34:45 | 000,001,186 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk [2012.03.13 22:34:42 | 000,001,681 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk [2012.03.13 22:34:30 | 000,001,108 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk [2012.03.13 22:34:13 | 000,001,225 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk [2012.03.13 22:33:59 | 000,001,109 | -H-- | M] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk [2012.03.10 19:59:40 | 000,000,641 | -H-- | M] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk [2012.03.10 19:56:42 | 000,000,641 | -H-- | M] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk [2012.03.10 19:56:30 | 000,000,664 
| -H-- | M] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk [2012.03.07 16:57:21 | 000,001,005 | -H-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.03.20 07:58:25 | 000,013,694 | ---- | C] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk [2012.03.19 00:17:02 | 000,000,264 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhy [2012.03.19 00:17:02 | 000,000,176 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhyr [2012.03.19 00:17:00 | 000,000,456 | ---- | C] () -- C:\ProgramData\WH8xvv4hj5eqhy [2012.03.18 23:49:39 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.15 17:22:00 | 000,584,757 | -H-- | C] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg [2012.03.15 17:19:56 | 000,684,374 | -H-- | C] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg [2012.03.13 22:34:51 | 000,001,256 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk [2012.03.13 22:34:45 | 000,001,186 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk [2012.03.13 22:34:42 | 000,001,681 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk [2012.03.13 22:34:30 | 000,001,108 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk [2012.03.13 22:34:13 | 000,001,225 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk [2012.03.13 22:33:59 | 000,001,109 | -H-- | C] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk [2012.03.10 19:59:40 | 000,000,641 | -H-- | C] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk [2012.03.10 19:56:42 | 000,000,641 | -H-- | C] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk [2012.03.10 19:56:30 | 000,000,664 | -H-- | C] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk [2011.12.01 21:21:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.23 14:52:09 | 013,356,032 | ---- 
| C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.11.23 14:52:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.23 14:52:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.23 14:52:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.23 14:52:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.23 14:50:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.27 14:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe ========== LOP Check ========== [2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo [2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox [2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX [2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex [2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw [2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client [2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software [2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly [2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.12.01 21:21:25 
| 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP [2012.02.18 21:16:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.18 23:06:24 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.13 22:36:07 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Adobe [2011.12.22 23:18:08 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer [2011.12.17 17:13:49 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Avira [2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo [2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox [2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX [2011.12.01 16:55:53 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Identities [2011.12.01 17:03:09 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\InstallShield [2011.12.01 16:56:01 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Intel Corporation [2011.12.01 17:18:57 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Macromedia [2012.03.18 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2010.11.21 08:00:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs [2012.03.19 06:48:19 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft [2011.12.01 
17:10:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Mozilla [2011.12.01 21:34:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA [2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex [2012.01.24 22:25:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Skype [2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw [2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client [2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software [2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly [2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP [2012.01.20 11:16:19 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2012.02.15 00:03:14 | 024,246,216 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 00:03:44 | 000,174,752 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.12.01 19:19:21 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) 
-- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.03.13 20:47:41 | 000,010,134 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2012.01.04 23:39:51 | 000,576,536 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\drivers\iaStor.sys [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_74f348dee3038044\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >

Best regards
Tobias
20.03.2012, 18:18 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes creates exactly one log per scan run. Have you scanned with Malwarebytes before?
If so, the logs of every scan run are also listed in the Logdateien (log files) tab. Please post all of them that are visible there.
20.03.2012, 20:19 | #3
Hello Arne,
thanks for your reply. I used Malwarebytes for the first time for this virus. Nevertheless there are 4 files under Logfiles:
From 20.03.:
Code:
2012/03/20 07:57:48 +0100 ADMIN-PC admin IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 51572, Process: wh8xvv4hj5eqhy.exe)
2012/03/20 07:57:48 +0100 ADMIN-PC admin IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 51573, Process: wh8xvv4hj5eqhy.exe)
2012/03/20 08:25:58 +0100 ADMIN-PC admin MESSAGE Stopping IP protection
2012/03/20 08:26:28 +0100 ADMIN-PC admin MESSAGE IP Protection stopped
2012/03/20 08:49:44 +0100 ADMIN-PC admin MESSAGE Executing scheduled update: Daily
2012/03/20 08:49:50 +0100 ADMIN-PC admin MESSAGE Scheduled update executed successfully: database updated from version v2012.03.18.03 to version v2012.03.20.02
2012/03/20 08:49:50 +0100 ADMIN-PC admin MESSAGE Starting database refresh
2012/03/20 08:49:52 +0100 ADMIN-PC admin MESSAGE Database refreshed successfully
2012/03/20 20:13:49 +0100 ADMIN-PC admin MESSAGE Starting protection
2012/03/20 20:13:50 +0100 ADMIN-PC admin MESSAGE Protection started successfully
2012/03/20 20:13:53 +0100 ADMIN-PC admin MESSAGE Starting IP protection
2012/03/20 20:13:53 +0100 ADMIN-PC admin MESSAGE IP Protection started successfully
Code:
2012/03/19 00:06:15 +0100 ADMIN-PC admin MESSAGE Executing scheduled update: Daily
2012/03/19 00:06:15 +0100 ADMIN-PC admin MESSAGE Database already up-to-date
2012/03/19 00:17:08 +0100 ADMIN-PC admin IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 49733, Process: wh8xvv4hj5eqhy.exe)
2012/03/19 00:17:08 +0100 ADMIN-PC admin IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 49734, Process: wh8xvv4hj5eqhy.exe)
2012/03/19 16:04:42 +0100 ADMIN-PC admin IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 50036, Process: wh8xvv4hj5eqhy.exe)
2012/03/19 16:04:42 +0100 ADMIN-PC admin IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 50037, Process: wh8xvv4hj5eqhy.exe)
Code:
2012/03/18 23:50:15 +0100 ADMIN-PC admin MESSAGE Starting protection
2012/03/18 23:50:16 +0100 ADMIN-PC admin MESSAGE Protection started successfully
2012/03/18 23:50:19 +0100 ADMIN-PC admin MESSAGE Starting IP protection
2012/03/18 23:50:20 +0100 ADMIN-PC admin MESSAGE IP Protection started successfully
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

18.03.2012 23:52:41
mbam-log-2012-03-18 (23-52-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400611
Laufzeit: 29 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Tobias
21.03.2012, 08:38 | #4
Here is a small update: the error messages are gone. The fake antivirus program no longer pops up either. I have restored the first icons. Only for the Start menu I have not yet found out how to do that. Today I ran another scan with AVIRA. During the scan it found a Trojan horse: FakeSysdef.442368.69. Is that my virus? Or yet another new virus?
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 21. März 2012 08:01 Es wird nach 3581057 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : admin Computername : ADMIN-PC Versionsinformationen: BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 16.02.2012 19:52:33 AVSCAN.DLL : 12.1.0.18 65744 Bytes 16.02.2012 19:52:32 LUKE.DLL : 12.1.0.19 68304 Bytes 16.02.2012 19:52:35 AVSCPLR.DLL : 12.1.0.22 100048 Bytes 16.02.2012 19:52:36 AVREG.DLL : 12.1.0.29 228048 Bytes 16.02.2012 19:52:36 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:18:17 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:07:21 VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 19:07:21 VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 19:07:21 VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 19:07:22 VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 19:07:22 VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 19:07:23 VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 19:07:23 VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 19:07:23 VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 19:07:23 VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 19:07:23 VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 19:09:41 VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 19:11:58 VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 19:12:03 VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 19:03:45 VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 19:03:54 VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 19:52:20 VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 
19:52:14 VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 14:47:12 VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 14:47:13 VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 16:02:07 VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 16:02:13 VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 16:02:19 VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 16:32:54 VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 17:53:49 VBASE027.VDF : 7.11.25.177 202752 Bytes 20.03.2012 06:59:13 VBASE028.VDF : 7.11.25.178 2048 Bytes 20.03.2012 06:59:13 VBASE029.VDF : 7.11.25.179 2048 Bytes 20.03.2012 06:59:13 VBASE030.VDF : 7.11.25.180 2048 Bytes 20.03.2012 06:59:13 VBASE031.VDF : 7.11.25.194 43520 Bytes 21.03.2012 06:59:13 Engineversion : 8.2.10.24 AEVDF.DLL : 8.1.2.2 106868 Bytes 09.12.2011 11:39:53 AESCRIPT.DLL : 8.1.4.10 455035 Bytes 15.03.2012 17:29:05 AESCN.DLL : 8.1.8.2 131444 Bytes 31.01.2012 15:58:43 AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 11:18:23 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 15:56:11 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 12:35:55 AEHEUR.DLL : 8.1.4.7 4501878 Bytes 16.03.2012 17:55:04 AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 19:01:05 AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 15:56:06 AEEXP.DLL : 8.1.0.25 74101 Bytes 15.03.2012 17:29:05 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 17:29:01 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 09.12.2011 11:39:57 AVPREF.DLL : 12.1.0.17 51920 Bytes 09.12.2011 11:39:55 AVREP.DLL : 12.1.0.17 179408 Bytes 09.12.2011 11:39:55 AVARKT.DLL : 12.1.0.23 209360 Bytes 16.02.2012 19:52:32 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 09.12.2011 11:39:54 SQLITE3.DLL : 3.7.0.0 398288 Bytes 09.12.2011 11:40:07 AVSMTP.DLL : 12.1.0.17 62928 Bytes 09.12.2011 11:39:56 NETNT.DLL : 12.1.0.17 17104 Bytes 09.12.2011 11:40:03 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 09.12.2011 
11:40:18 RCTEXT.DLL : 12.1.0.16 98512 Bytes 09.12.2011 11:40:19 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: D:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, G:, Q:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS, Beginn des Suchlaufs: Mittwoch, 21. März 2012 08:01 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf nach versteckten Objekten wird begonnen. c:\windows\system32\drivers\mqzkqxqz.sys c:\windows\system32\drivers\mqzkqxqz.sys [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Events\{D5BBCFC5-166A-4F89-B13C-9888B375CFE8} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Servers\7A9BE094-1BAC-4E71-A04C-3862821E7C67\IPAddress [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009\Linkage\UpperBind [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C3C164DA-CC4C-415A-953E-F15DC80066D6}\Connection\Name [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}\DhcpInterfaceOptions [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet002\services\mqzkqxqz [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Health\{0BC503B6-3DD8-4419-A71D-98CBBCC82C49} [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'SteamService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'AdobeARM.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'AAM Updates Notifier.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'steam.exe' - '132' Modul(e) wurden durchsucht Durchsuche Prozess 'tv_w32.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1263' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows 7>
C:\Users\admin\AppData\Local\Temp\UFISMZihQLvVwG.exe.tmp
  [FUND]      Ist das Trojanische Pferd TR/FakeSysdef.442368.69
Beginne mit der Suche in 'D:\' <Volume>
Beginne mit der Suche in 'G:\' <TREKSTOR>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Beginne mit der Desinfektion:
C:\Users\admin\AppData\Local\Temp\UFISMZihQLvVwG.exe.tmp
  [FUND]      Ist das Trojanische Pferd TR/FakeSysdef.442368.69
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49a127e0.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 21. März 2012 08:33
Benötigte Zeit: 31:12 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

34302 Verzeichnisse wurden überprüft
953690 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
953689 Dateien ohne Befall
7147 Archive wurden durchsucht
0 Warnungen
9 Hinweise
637902 Objekte wurden beim Rootkitscan durchsucht
8 Versteckte Objekte wurden gefunden
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 18. März 2012 23:00 Es wird nach 3567427 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ADMIN-PC Versionsinformationen: BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 16.02.2012 19:52:33 AVSCAN.DLL : 12.1.0.18 65744 Bytes 16.02.2012 19:52:32 LUKE.DLL : 12.1.0.19 68304 Bytes 16.02.2012 19:52:35 AVSCPLR.DLL : 12.1.0.22 100048 Bytes 16.02.2012 19:52:36 AVREG.DLL : 12.1.0.29 228048 Bytes 16.02.2012 19:52:36 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:18:17 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:07:21 VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 19:07:21 VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 19:07:21 VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 19:07:22 VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 19:07:22 VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 19:07:23 VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 19:07:23 VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 19:07:23 VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 19:07:23 VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 19:07:23 VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 19:09:41 VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 19:11:58 VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 19:12:03 VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 19:03:45 VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 19:03:54 VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 19:52:20 VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 
19:52:14 VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 14:47:12 VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 14:47:13 VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 16:02:07 VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 16:02:13 VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 16:02:19 VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 16:32:54 VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 17:53:49 VBASE027.VDF : 7.11.25.122 2048 Bytes 15.03.2012 17:53:49 VBASE028.VDF : 7.11.25.123 2048 Bytes 15.03.2012 17:53:49 VBASE029.VDF : 7.11.25.124 2048 Bytes 15.03.2012 17:53:49 VBASE030.VDF : 7.11.25.125 2048 Bytes 15.03.2012 17:53:50 VBASE031.VDF : 7.11.25.136 44032 Bytes 16.03.2012 17:53:52 Engineversion : 8.2.10.24 AEVDF.DLL : 8.1.2.2 106868 Bytes 09.12.2011 11:39:53 AESCRIPT.DLL : 8.1.4.10 455035 Bytes 15.03.2012 17:29:05 AESCN.DLL : 8.1.8.2 131444 Bytes 31.01.2012 15:58:43 AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 11:18:23 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 15:56:11 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 12:35:55 AEHEUR.DLL : 8.1.4.7 4501878 Bytes 16.03.2012 17:55:04 AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 19:01:05 AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 15:56:06 AEEXP.DLL : 8.1.0.25 74101 Bytes 15.03.2012 17:29:05 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 17:29:01 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 09.12.2011 11:39:57 AVPREF.DLL : 12.1.0.17 51920 Bytes 09.12.2011 11:39:55 AVREP.DLL : 12.1.0.17 179408 Bytes 09.12.2011 11:39:55 AVARKT.DLL : 12.1.0.23 209360 Bytes 16.02.2012 19:52:32 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 09.12.2011 11:39:54 SQLITE3.DLL : 3.7.0.0 398288 Bytes 09.12.2011 11:40:07 AVSMTP.DLL : 12.1.0.17 62928 Bytes 09.12.2011 11:39:56 NETNT.DLL : 12.1.0.17 17104 Bytes 09.12.2011 11:40:03 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 09.12.2011 
11:40:18 RCTEXT.DLL : 12.1.0.16 98512 Bytes 09.12.2011 11:40:19 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f6641bb\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS, Beginn des Suchlaufs: Sonntag, 18. 
März 2012 23:00 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IkEJJmteVRTh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Citavi.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'swriter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AAM Updates Notifier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'tv_w32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'steam.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe'
C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3

Beginne mit der Desinfektion:
C:\Users\admin\AppData\Local\Temp\GEJJWxj4NmsWDp.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4940fad5.qua' verschoben!

Ende des Suchlaufs: Sonntag, 18. März 2012 23:01
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
668 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
667 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.
21.03.2012, 15:32 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Custom scan with OTL
If you do not have it yet, please download OTL from Oldtimer and save it on your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Please always post logfiles in CODE tags
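Added example, not code from OTL, Oldtimer or anyone in this thread: a small Python checker for the `< MD5 for: ... >` sections that the /md5start ... /md5stop part of the custom scan above produces (the listing in post #1 is one). It reports a live system file whose MD5 matches none of its WinSxS/DriverStore copies of the same bitness, which is what a log reader looks for first. The sample input reuses the userinit.exe lines posted in this thread plus a constructed winlogon.exe section with an obviously fake all-zero hash, and the parser also accepts the log collapsed onto one line, as forum pastes often are.

```python
"""Consistency check over the '< MD5 for: ... >' sections of an OTL custom scan.

For an untampered Windows file the live copy under SysNative (x64) or SysWOW64
(x86) carries the same hash as a WinSxS or DriverStore copy of the same bitness;
a live copy matching no store copy is the classic sign of a patched system file.
Added example; not part of OTL or of this thread.
"""
import re
from collections import defaultdict

# One OTL MD5 entry:  [stamp | size | attrs | M] (Company) MD5=HASH -- PATH
ENTRY_RE = re.compile(
    r"\[(?P<stamp>[^\]]*)\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# Forum pastes often collapse the log onto one line; every entry starts with a
# '[yyyy.mm.dd ' stamp and every section header with '<', so split there too.
SPLIT_RE = re.compile(r"(?=\[\d{4}\.\d{2}\.\d{2} )|(?=<)|\r?\n")


def bitness(path: str) -> str:
    """'x86' for SysWOW64 / x86_ / wow64_ copies, otherwise 'x64'."""
    p = path.lower()
    if "\\syswow64\\" in p or "\\winsxs\\x86_" in p or "\\winsxs\\wow64_" in p:
        return "x86"
    return "x64"


def is_store_copy(path: str) -> bool:
    """WinSxS and DriverStore copies are the reference; everything else is live."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def parse_md5_sections(text: str) -> dict:
    """Return {FILE NAME: [(md5, path), ...]} for every '< MD5 for: X >' section."""
    sections: dict = {}
    current = None
    for piece in SPLIT_RE.split(text):
        line = piece.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):          # some other OTL section, e.g. /lockedfiles
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("md5").upper(), entry.group("path")))
    return sections


def check_live_copies(sections: dict) -> dict:
    """Compare every live copy with the store copies of the same bitness.

    status 'ok'           each live copy's hash also occurs in a store copy
           'mismatch'     a live copy matches no store copy (listed in 'suspect')
           'unverifiable' no live copy, or no store copy to compare it with
    """
    report = {}
    for name, copies in sections.items():
        store, live = defaultdict(set), defaultdict(list)
        for md5, path in copies:
            if is_store_copy(path):
                store[bitness(path)].add(md5)
            else:
                live[bitness(path)].append((md5, path))
        suspect, unverifiable = [], not live
        for arch, entries in live.items():
            if not store[arch]:
                unverifiable = True
                continue
            suspect += [path for md5, path in entries if md5 not in store[arch]]
        status = "mismatch" if suspect else ("unverifiable" if unverifiable else "ok")
        report[name] = {"status": status, "suspect": suspect}
    return report


# Constructed sample: the USERINIT.EXE entries are copied from the log posted in
# this thread; WINLOGON.EXE is made up, with a fake all-zero hash on the live copy.
SAMPLE = r"""< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: IASTOR.SYS >
"""

if __name__ == "__main__":
    for name, result in check_live_copies(parse_md5_sections(SAMPLE)).items():
        print(f"{name:14} {result['status']:13} {' '.join(result['suspect'])}")
```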
21.03.2012, 15:57 | #6
Will do:
Code:
ATTFilter OTL logfile created on: 21.03.2012 15:39:08 - Run 2 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 85,39% Memory free 15,84 Gb Paging File | 13,97 Gb Available in Paging File | 88,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,63 Gb Total Space | 7,77 Gb Free Space | 13,03% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 827,61 Gb Free Space | 88,85% Space Free | Partition Type: NTFS Drive E: | 1,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 111,76 Gb Total Space | 23,15 Gb Free Space | 20,72% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

========== Modules (No Company Name) ==========
MOD - [2012.02.17 22:51:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5b253e1301f52ac71695d2aeb390ef4\IAStorUtil.ni.dll
MOD - [2012.02.17 10:10:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 10:10:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.17 10:09:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.17 10:09:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.17 10:09:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 10:09:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.17 10:09:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2011.11.23 14:22:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2011.11.07 15:21:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.03.21 15:36:40 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.02 10:37:41 | 002,923,392 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.01 19:15:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.02.16 20:52:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.10.15 11:48:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.26 03:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\jr7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 14:03:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 08:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.03 22:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.12.01 17:10:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012.03.21 15:36:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions
[2012.03.21 15:36:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.08 17:42:31 | 000,000,000 | -H-D | M] (Evernote Web Clipper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\vxpdy2mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.03.21 15:36:51 | 000,002,112 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxpdy2mc.default\searchplugins\wot-safe-search.xml
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPDY2MC.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\jr7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files (x86)\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S6CDB.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [FileHippo.com] D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1002..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE39E68-CA98-4B56-9A4F-29D18492CB03}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4DC382-D36F-4991-83A4-4AE57BCCF4C5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n
/i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte 
Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.21 09:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2012.03.21 09:00:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.03.21 09:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.21 09:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.21 08:56:37 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Secunia PSI [2012.03.20 08:24:18 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe [2012.03.19 00:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.19 00:26:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe [2012.03.19 00:17:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.03.18 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.18 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.18 23:49:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.16 07:53:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Katis Stick [2012.03.13 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.03.13 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.03.13 20:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2012.03.13 20:47:40 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\My Company Name [2012.03.13 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.03.13 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.03.13 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS5.5 [2012.03.11 18:29:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Impfpass [2012.03.11 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.03.11 17:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.03.08 22:31:12 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.03.08 17:09:28 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\GMX [2012.03.08 17:09:27 | 000,135,168 | ---- | C] (GMX GmbH) -- C:\Windows\SysNative\UIGMXMON.DLL [2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX [2012.03.08 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GMX [2012.03.01 20:48:24 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.01 20:48:17 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client ========== Files - Modified Within 30 Days ========== [2012.03.21 15:36:38 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job [2012.03.21 14:42:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.21 09:16:14 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.21 09:16:14 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.21 09:13:24 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.21 09:13:24 | 000,654,594 | ---- | 
M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.21 09:13:24 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.21 09:13:24 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.21 09:13:24 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.21 09:08:58 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys [2012.03.21 09:01:43 | 000,000,872 | ---- | M] () -- C:\Users\admin\Desktop\Update Checker.lnk [2012.03.21 08:56:33 | 000,000,793 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.03.20 08:24:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL(1).exe [2012.03.20 07:58:25 | 000,013,694 | ---- | M] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk [2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy [2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr [2012.03.19 00:25:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe [2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy [2012.03.18 23:49:39 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.15 17:22:02 | 000,584,757 | ---- | M] () -- C:\Users\admin\Desktop\dienstvertrag2.jpg [2012.03.15 17:19:58 | 000,684,374 | ---- | M] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg [2012.03.15 16:45:43 | 005,113,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.13 22:34:51 | 000,001,256 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk [2012.03.13 22:34:45 | 000,001,186 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk [2012.03.13 22:34:42 | 000,001,681 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk [2012.03.13 22:34:30 | 000,001,108 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk [2012.03.13 
22:34:13 | 000,001,225 | ---- | M] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk [2012.03.13 22:33:59 | 000,001,109 | ---- | M] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk [2012.03.10 19:59:40 | 000,000,641 | ---- | M] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk [2012.03.10 19:56:42 | 000,000,641 | ---- | M] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk [2012.03.10 19:56:30 | 000,000,664 | ---- | M] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk [2012.03.07 16:57:21 | 000,001,005 | -H-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.03.21 09:05:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.03.21 09:01:43 | 000,000,872 | ---- | C] () -- C:\Users\admin\Desktop\Update Checker.lnk [2012.03.21 09:01:43 | 000,000,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk [2012.03.21 08:56:33 | 000,000,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.03.21 08:56:33 | 000,000,772 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.03.21 08:11:11 | 000,000,801 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.20 07:58:25 | 000,013,694 | ---- | C] () -- C:\Users\admin\Desktop\Firefox - Verknüpfung.lnk [2012.03.19 00:17:02 | 000,000,264 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhy [2012.03.19 00:17:02 | 000,000,176 | ---- | C] () -- C:\ProgramData\~WH8xvv4hj5eqhyr [2012.03.19 00:17:00 | 000,000,456 | ---- | C] () -- C:\ProgramData\WH8xvv4hj5eqhy [2012.03.18 23:49:39 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.15 17:22:00 | 000,584,757 | ---- | C] () -- 
C:\Users\admin\Desktop\dienstvertrag2.jpg [2012.03.15 17:19:56 | 000,684,374 | ---- | C] () -- C:\Users\admin\Desktop\dienstvertrag 1.jpg [2012.03.13 22:34:51 | 000,001,256 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Audition CS5.5.lnk [2012.03.13 22:34:45 | 000,001,186 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Flash Professional CS5.5.lnk [2012.03.13 22:34:42 | 000,001,681 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Illustrator CS5.1.lnk [2012.03.13 22:34:30 | 000,001,108 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk [2012.03.13 22:34:13 | 000,001,225 | ---- | C] () -- C:\Users\admin\Desktop\Adobe After Effects CS5.5.lnk [2012.03.13 22:33:59 | 000,001,109 | ---- | C] () -- C:\Users\admin\Desktop\Adobe Premiere Pro CS5.5.lnk [2012.03.10 19:59:40 | 000,000,641 | ---- | C] () -- C:\Users\admin\Desktop\Videos - Verknüpfung.lnk [2012.03.10 19:56:42 | 000,000,641 | ---- | C] () -- C:\Users\admin\Desktop\Bilder - Verknüpfung.lnk [2012.03.10 19:56:30 | 000,000,664 | ---- | C] () -- C:\Users\admin\Desktop\Dokumente - Verknüpfung.lnk [2011.12.01 21:21:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.23 14:52:09 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.11.23 14:52:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.23 14:52:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.23 14:52:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.23 14:52:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.23 14:50:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.27 14:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe ========== LOP Check ========== [2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- 
C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo [2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox [2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX [2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex [2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw [2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client [2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software [2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly [2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP [2012.03.21 09:15:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\PACE Anti-Piracy [2012.02.18 21:16:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.21 15:36:38 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.03.13 22:36:07 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Adobe [2011.12.22 23:18:08 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer [2011.12.17 17:13:49 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Avira [2012.03.08 22:31:12 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.01 19:19:42 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.16 21:20:27 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\DarknessIIDemo [2012.03.18 21:18:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Dropbox [2012.03.01 21:51:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\FileZilla [2012.03.08 17:09:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\GMX [2011.12.01 16:55:53 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Identities [2011.12.01 17:03:09 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\InstallShield [2011.12.01 16:56:01 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Intel Corporation [2011.12.01 17:18:57 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Macromedia [2012.03.18 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2010.11.21 08:00:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs [2012.03.19 06:48:19 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft [2011.12.01 17:10:41 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Mozilla [2011.12.01 21:34:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA [2011.12.01 17:28:18 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2011.12.01 21:27:39 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\PDAppFlex [2012.03.21 09:00:35 | 000,000,000 | -H-D | M] -- 
C:\Users\admin\AppData\Roaming\Skype [2012.02.12 19:58:38 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw [2012.03.11 21:53:11 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client [2012.02.13 00:43:23 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Swiss Academic Software [2012.01.07 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\The Creative Assembly [2011.12.05 14:47:40 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.12.01 21:21:25 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\TP [2012.01.20 11:16:19 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2012.02.15 00:03:14 | 024,246,216 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 00:03:44 | 000,174,752 | -H-- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.12.01 19:19:21 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) 
-- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.03.13 20:47:41 | 000,010,134 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2012.01.04 23:39:51 | 000,576,536 | RH-- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\drivers\iaStor.sys [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_74f348dee3038044\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
21.03.2012, 16:50 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE:64bit: - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKLM\..\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1002\..\SearchScopes,DefaultScope = {701CD118-29C3-4A19-80BC-5192680A1DE1}
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-436935125-148091526-2754246006-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2012.03.20 07:57:43 | 000,000,264 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhy
[2012.03.20 07:57:42 | 000,000,176 | ---- | M] () -- C:\ProgramData\~WH8xvv4hj5eqhyr
[2012.03.19 00:18:06 | 000,000,456 | ---- | M] () -- C:\ProgramData\WH8xvv4hj5eqhy
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not completely deleted, as a precaution: a backup copy is created in the "_OTL" folder on the system partition. Note: the above script was written only for this one user in this one situation. It cannot be transferred to any other computer and must not be used anywhere else, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
22.03.2012, 09:11 | #8 |
Hello Arne, I have run the fix:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701CD118-29C3-4A19-80BC-5192680A1DE1}\ not found.
HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-436935125-148091526-2754246006-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-436935125-148091526-2754246006-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436935125-148091526-2754246006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
C:\ProgramData\~WH8xvv4hj5eqhy moved successfully.
C:\ProgramData\~WH8xvv4hj5eqhyr moved successfully.
C:\ProgramData\WH8xvv4hj5eqhy moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 357676198 bytes
->Temporary Internet Files folder emptied: 252736715 bytes
->Java cache emptied: 395929 bytes
->FireFox cache emptied: 57555533 bytes
->Flash cache emptied: 57021 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Tobias
->Temp folder emptied: 1308387 bytes
->Temporary Internet Files folder emptied: 23998755 bytes
->FireFox cache emptied: 44600524 bytes
->Flash cache emptied: 56950 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70909658 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 772,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_090747
Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Kind regards
Tobias |
22.03.2012, 12:37 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.
Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
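The TDSS-Killer report requested here lists every driver and service as one `timestamp tid name (md5) path` line followed by a `name - ok` line, with `- warning` and `- detected` lines for anything flagged (see the report posted in #10). As an added example, written for this page and not taken from the thread, from Kaspersky or from the board's helpers, the Python below triages such a report: it pairs each object with its worst status, lists only the non-ok objects, and marks those whose sole verdict is the UnsignedFile heuristic, which is exactly the case where the helper asks for "skip" rather than deletion. The sample lines are copied from the report posted in this thread; the parsing rules and status precedence are this example's own assumptions.

```python
"""Triage a Kaspersky TDSSKiller 2.7 text report.

Added example; not from the thread or from Kaspersky. The line layout
(timestamp, thread id, then "name (md5) path" followed by "name - status")
is taken from the report posted in this thread; the parsing and the
precedence rules below are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample report: two header lines plus object entries copied from the report
# posted in this thread (ok drivers, the FLEXnet warning/detected pair, and
# COMSysApp, which has a status line but no hash/path line).
SAMPLE_REPORT = r"""
20:08:02.0029 4364 Scan started
20:08:02.0029 4364 Mode: Manual; SigCheck; TDLFS;
20:08:02.0138 4364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:08:02.0169 4364 1394ohci - ok
20:08:03.0542 4364 COMSysApp - ok
20:08:04.0384 4364 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:08:04.0400 4364 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:08:04.0400 4364 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:08:05.0929 4364 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:08:05.0929 4364 MBAMProtector - ok
"""

_PREFIX = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "name (md5) path": the scanned object itself.
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name - ok" / "name ( Verdict ) - warning" / "name - detected Verdict (n)".
STATUS_RE = re.compile(
    _PREFIX
    + r"(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - "
    + r"(?P<status>ok|warning|detected (?P<detected>.+))$"
)
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    status: str = "unknown"          # worst status seen for this object
    verdicts: list[str] = field(default_factory=list)


def parse_report(text: str) -> dict[str, Entry]:
    """Group object and status lines by object name, keeping the worst status."""
    entries: dict[str, Entry] = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                  # banner, drive/MBR info, separators
        e = entries.setdefault(m["name"], Entry(m["name"]))
        status = "detected" if m["status"].startswith("detected") else m["status"]
        if SEVERITY[status] > SEVERITY[e.status]:
            e.status = status         # never let a later "ok" mask a hit
        verdict = m["verdict"] or m["detected"]
        if verdict:
            verdict = re.sub(r" \(\d+\)$", "", verdict)   # drop the "(1)" count
            if verdict not in e.verdicts:
                e.verdicts.append(verdict)
    return entries


def flagged(entries: dict[str, Entry]) -> list[Entry]:
    """Everything a reviewer must look at: any object not cleanly 'ok'."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize(entries: dict[str, Entry]) -> dict[str, int]:
    counts = dict.fromkeys(SEVERITY, 0)
    for e in entries.values():
        counts[e.status] += 1
    return counts


def is_heuristic_only(entry: Entry) -> bool:
    """True if the only verdicts are UnsignedFile.*, TDSSKiller's generic
    flag for a file without a valid digital signature. That is a heuristic,
    not a malware verdict, which is why the thread says to choose 'skip'."""
    return bool(entry.verdicts) and all(v.startswith("UnsignedFile.") for v in entry.verdicts)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("summary:", summarize(parsed))
    for e in flagged(parsed):
        kind = "unsigned-file heuristic, review manually" if is_heuristic_only(e) else "REVIEW"
        print(f"{e.status:>8}  {e.name}  md5={e.md5}  {e.path}  {e.verdicts}  [{kind}]")
```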
22.03.2012, 20:12 | #10 |
Hi Arne, here is the log file:
Code:
20:07:55.0385 4712 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
20:07:55.0479 4712 ============================================================
20:07:55.0479 4712 Current date / time: 2012/03/22 20:07:55.0479
20:07:55.0479 4712 SystemInfo:
20:07:55.0479 4712 
20:07:55.0479 4712 OS Version: 6.1.7601 ServicePack: 1.0
20:07:55.0479 4712 Product type: Workstation
20:07:55.0479 4712 ComputerName: ADMIN-PC
20:07:55.0479 4712 UserName: admin
20:07:55.0479 4712 Windows directory: C:\Windows
20:07:55.0479 4712 System windows directory: C:\Windows
20:07:55.0479 4712 Running under WOW64
20:07:55.0479 4712 Processor architecture: Intel x64
20:07:55.0479 4712 Number of processors: 4
20:07:55.0479 4712 Page size: 0x1000
20:07:55.0479 4712 Boot type: Normal boot
20:07:55.0479 4712 ============================================================
20:07:55.0651 4712 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:55.0651 4712 Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:55.0651 4712 Drive \Device\Harddisk2\DR2 - Size: 0xEC400000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:55.0651 4712 Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:55.0651 4712 Drive \Device\Harddisk4\DR4 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:55.0666 4712 \Device\Harddisk0\DR0:
20:07:55.0666 4712 MBR used
20:07:55.0666 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:07:55.0666 4712 \Device\Harddisk1\DR1:
20:07:55.0666 4712 MBR used
20:07:55.0666 4712 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x77402B0
20:07:55.0666 4712 \Device\Harddisk2\DR2:
20:07:55.0666 4712 MBR used
20:07:55.0666 4712 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760000
20:07:55.0666 4712 \Device\Harddisk3\DR3:
20:07:55.0666 4712 MBR used
20:07:55.0666 4712 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
20:07:55.0666 4712 \Device\Harddisk4\DR4:
20:07:55.0666 4712 MBR used
20:07:55.0666 4712 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782
20:07:55.0682 4712 Initialize success
20:07:55.0682 4712 ============================================================
20:08:02.0029 4364 ============================================================
20:08:02.0029 4364 Scan started
20:08:02.0029 4364 Mode: Manual; SigCheck; TDLFS;
20:08:02.0029 4364 ============================================================
20:08:02.0138 4364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:08:02.0169 4364 1394ohci - ok
20:08:02.0185 4364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:08:02.0185 4364 ACPI - ok
20:08:02.0200 4364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:08:02.0216 4364 AcpiPmi - ok
20:08:02.0216 4364 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:08:02.0231 4364 AdobeARMservice - ok
20:08:02.0231 4364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:08:02.0247 4364 adp94xx - ok
20:08:02.0263 4364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:08:02.0263 4364 adpahci - ok
20:08:02.0278 4364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:08:02.0278 4364 adpu320 - ok
20:08:02.0294 4364 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:08:02.0325 4364 AeLookupSvc - ok
20:08:02.0341 4364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:08:02.0356 4364 AFD - ok
20:08:02.0356 4364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:08:02.0372 4364 agp440 - ok
20:08:02.0372 4364 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:08:02.0387 4364 ALG - ok
20:08:02.0387 4364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:08:02.0403 4364 aliide - ok
20:08:02.0403 4364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:08:02.0419 4364 amdide - ok
20:08:02.0419 4364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:08:02.0434 4364 AmdK8 - ok
20:08:02.0434 4364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:08:02.0450 4364 AmdPPM - ok
20:08:02.0450 4364 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:08:02.0450 4364 amdsata - ok
20:08:02.0465 4364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:08:02.0465 4364 amdsbs - ok
20:08:02.0481 4364 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:08:02.0481 4364 amdxata - ok
20:08:02.0543 4364 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:08:02.0543 4364 AntiVirSchedulerService - ok
20:08:02.0559 4364 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:08:02.0575 4364 AntiVirService - ok
20:08:02.0575 4364 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:08:02.0637 4364 AppID - ok
20:08:02.0637 4364 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:08:02.0668 4364 AppIDSvc - ok
20:08:02.0684 4364 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:08:02.0699 4364 Appinfo - ok
20:08:02.0699 4364 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:08:02.0715 4364 Apple Mobile Device - ok
20:08:02.0715 4364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:08:02.0715 4364 arc - ok
20:08:02.0731 4364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:08:02.0731 4364 arcsas - ok
20:08:02.0746 4364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:08:02.0762 4364 AsyncMac - ok
20:08:02.0777 4364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:08:02.0777 4364 atapi - ok
20:08:02.0793 4364 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:08:02.0809 4364 AudioEndpointBuilder - ok
20:08:02.0824 4364 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:08:02.0840 4364 AudioSrv - ok
20:08:02.0855 4364 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:08:02.0871 4364 avgntflt - ok
20:08:02.0887 4364 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
20:08:02.0887 4364 avipbb - ok
20:08:02.0887 4364 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:08:02.0902 4364 avkmgr - ok
20:08:02.0902 4364 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:08:02.0918 4364 AxInstSV - ok
20:08:02.0933 4364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:08:02.0933 4364 b06bdrv - ok
20:08:02.0949 4364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:08:02.0949 4364 b57nd60a - ok
20:08:02.0965 4364 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:08:02.0965 4364 BBSvc - ok
20:08:02.0980 4364 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:08:02.0980 4364 BDESVC - ok
20:08:02.0996 4364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:08:03.0011 4364 Beep - ok
20:08:03.0027 4364 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:08:03.0043 4364 BFE - ok
20:08:03.0058 4364 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:08:03.0089 4364 BITS - ok
20:08:03.0105 4364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:08:03.0105 4364 blbdrive - ok
20:08:03.0105 4364 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:08:03.0121 4364 Bonjour Service - ok
20:08:03.0121 4364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:08:03.0136 4364 bowser - ok
20:08:03.0136 4364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:08:03.0152 4364 BrFiltLo - ok
20:08:03.0152 4364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:08:03.0167 4364 BrFiltUp - ok
20:08:03.0167 4364 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:08:03.0199 4364 Browser - ok
20:08:03.0199 4364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:08:03.0214 4364 Brserid - ok
20:08:03.0230 4364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:08:03.0230 4364 BrSerWdm - ok
20:08:03.0245 4364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:08:03.0245 4364 BrUsbMdm - ok
20:08:03.0261 4364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:08:03.0261 4364 BrUsbSer - ok
20:08:03.0277 4364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:08:03.0277 4364 BTHMODEM - ok
20:08:03.0292 4364 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:08:03.0308 4364 bthserv - ok
20:08:03.0323 4364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:08:03.0339 4364 cdfs - ok
20:08:03.0355 4364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:08:03.0355 4364 cdrom - ok
20:08:03.0370 4364 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:08:03.0386 4364 CertPropSvc - ok
20:08:03.0386 4364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:08:03.0401 4364 circlass - ok
20:08:03.0401 4364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:08:03.0417 4364 CLFS - ok
20:08:03.0417 4364 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:08:03.0433 4364 clr_optimization_v2.0.50727_32 - ok
20:08:03.0433 4364 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:08:03.0433 4364 clr_optimization_v2.0.50727_64 - ok
20:08:03.0448 4364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:08:03.0448 4364 clr_optimization_v4.0.30319_32 - ok
20:08:03.0464 4364 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:08:03.0464 4364 clr_optimization_v4.0.30319_64 - ok
20:08:03.0479 4364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:08:03.0479 4364 CmBatt - ok
20:08:03.0479 4364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:08:03.0495 4364 cmdide - ok
20:08:03.0495 4364 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:08:03.0511 4364 CNG - ok
20:08:03.0526 4364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:08:03.0526 4364 Compbatt - ok
20:08:03.0542 4364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:08:03.0542 4364 CompositeBus - ok
20:08:03.0542 4364 COMSysApp - ok
20:08:03.0557 4364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:08:03.0557 4364 crcdisk - ok
20:08:03.0573 4364 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:08:03.0589 4364 CryptSvc - ok
20:08:03.0604 4364 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:08:03.0620 4364 cvhsvc - ok
20:08:03.0620 4364 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:08:03.0651 4364 DcomLaunch - ok
20:08:03.0651 4364 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:08:03.0682 4364 defragsvc - ok
20:08:03.0682 4364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:08:03.0713 4364 DfsC - ok
20:08:03.0713 4364 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:08:03.0745 4364 Dhcp - ok
20:08:03.0745 4364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:08:03.0776 4364 discache - ok
20:08:03.0776 4364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:08:03.0791 4364 Disk - ok
20:08:03.0791 4364 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:08:03.0807 4364 Dnscache - ok
20:08:03.0807 4364 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:08:03.0838 4364 dot3svc - ok
20:08:03.0838 4364 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:08:03.0854 4364 DPS - ok
20:08:03.0869 4364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:08:03.0869 4364 drmkaud - ok
20:08:03.0885 4364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:08:03.0901 4364 DXGKrnl - ok
20:08:03.0916 4364 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:08:03.0916 4364 E1G60 - ok
20:08:03.0932 4364 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:08:03.0947 4364 EapHost - ok
20:08:03.0979 4364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:08:04.0010 4364 ebdrv - ok
20:08:04.0025 4364 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:08:04.0025 4364 EFS - ok
20:08:04.0041 4364 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:08:04.0057 4364 ehRecvr - ok
20:08:04.0057 4364 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:08:04.0072 4364 ehSched - ok
20:08:04.0072 4364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:08:04.0088 4364 elxstor - ok
20:08:04.0103 4364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:08:04.0103 4364 ErrDev - ok
20:08:04.0119 4364 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\System32\Drivers\EtronHub3.sys
20:08:04.0119 4364 EtronHub3 - ok
20:08:04.0119 4364 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\System32\Drivers\EtronXHCI.sys
20:08:04.0135 4364 EtronXHCI - ok
20:08:04.0135 4364 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:08:04.0181 4364 EventSystem - ok
20:08:04.0181 4364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:08:04.0213 4364 exfat - ok
20:08:04.0213 4364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:08:04.0244 4364 fastfat - ok
20:08:04.0244 4364 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:08:04.0259 4364 Fax - ok
20:08:04.0275 4364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:08:04.0275 4364 fdc - ok
20:08:04.0291 4364 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:08:04.0306 4364 fdPHost - ok
20:08:04.0306 4364 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:08:04.0337 4364 FDResPub - ok
20:08:04.0337 4364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:08:04.0353 4364 FileInfo - ok
20:08:04.0353 4364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:08:04.0369 4364 Filetrace - ok
20:08:04.0384 4364 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:08:04.0400 4364 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:08:04.0400 4364 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:08:04.0400 4364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:08:04.0415 4364 flpydisk - ok
20:08:04.0415 4364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:08:04.0431 4364 FltMgr - ok
20:08:04.0447 4364 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:08:04.0462 4364 FontCache - ok
20:08:04.0462 4364 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:08:04.0462 4364 FontCache3.0.0.0 - ok
20:08:04.0478 4364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:08:04.0478 4364 FsDepends - ok
20:08:04.0493 4364 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
20:08:04.0493 4364 fssfltr - ok
20:08:04.0509 4364 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:08:04.0525 4364 fsssvc - ok
20:08:04.0540 4364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:08:04.0540 4364 Fs_Rec - ok
20:08:04.0556 4364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:08:04.0556 4364 fvevol - ok
20:08:04.0571 4364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:08:04.0571 4364 gagp30kx - ok
20:08:04.0571 4364 gdrv - ok
20:08:04.0587 4364 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:08:04.0587 4364 GEARAspiWDM - ok
20:08:04.0603 4364 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:08:04.0634 4364 gpsvc - ok
20:08:04.0634 4364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:08:04.0649 4364 hcw85cir - ok
20:08:04.0649 4364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:08:04.0665 4364 HdAudAddService - ok
20:08:04.0681 4364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:08:04.0681 4364 HDAudBus - ok
20:08:04.0696 4364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:08:04.0696 4364 HidBatt - ok
20:08:04.0712 4364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:08:04.0712 4364 HidBth - ok
20:08:04.0727 4364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:08:04.0727 4364 HidIr - ok
20:08:04.0743 4364 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:08:04.0759 4364 hidserv - ok
20:08:04.0759 4364 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:08:04.0774 4364 HidUsb - ok
20:08:04.0774 4364 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:08:04.0805 4364 hkmsvc - ok
20:08:04.0805 4364 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:08:04.0821 4364 HomeGroupListener - ok
20:08:04.0821 4364 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:08:04.0837 4364 HomeGroupProvider - ok
20:08:04.0837 4364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:08:04.0852 4364 HpSAMD - ok
20:08:04.0868 4364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:08:04.0883 4364 HTTP - ok
20:08:04.0899 4364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:08:04.0899 4364 hwpolicy - ok
20:08:04.0915 4364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:08:04.0915 4364 i8042prt - ok
20:08:04.0930 4364 iaStor (8180a2392e732e8871589b54fab6991f) C:\Windows\system32\drivers\iaStor.sys
20:08:04.0930 4364 iaStor - ok
20:08:04.0946 4364 IAStorDataMgrSvc (17125b7d2f56b4b35441561c780c2ccb) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:08:04.0946 4364 IAStorDataMgrSvc - ok
20:08:04.0946 4364 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:08:04.0961 4364 iaStorV - ok
20:08:04.0977 4364 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:04.0993 4364 idsvc - ok
20:08:05.0071 4364 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:08:05.0180 4364 igfx - ok
20:08:05.0195 4364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:08:05.0195 4364 iirsp - ok
20:08:05.0211 4364 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:08:05.0242 4364 IKEEXT - ok
20:08:05.0258 4364 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
20:08:05.0289 4364 IntcAzAudAddService - ok
20:08:05.0305 4364 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:08:05.0320 4364 IntcDAud - ok
20:08:05.0320 4364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:08:05.0320 4364 intelide - ok
20:08:05.0336 4364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
20:08:05.0336 4364 intelppm - ok
20:08:05.0351 4364 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:08:05.0367 4364 IPBusEnum - ok
20:08:05.0383 4364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:05.0398 4364 IpFilterDriver - ok
20:08:05.0414 4364 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:08:05.0429 4364 iphlpsvc - ok
20:08:05.0445 4364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:08:05.0445 4364 IPMIDRV - ok
20:08:05.0461 4364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:08:05.0476 4364 IPNAT - ok
20:08:05.0492 4364 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
20:08:05.0507 4364 iPod Service - ok
20:08:05.0507 4364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:08:05.0523 4364 IRENUM - ok
20:08:05.0523 4364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:08:05.0539 4364 isapnp - ok
20:08:05.0539 4364 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:08:05.0554 4364 iScsiPrt - ok
20:08:05.0554 4364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:05.0554 4364 kbdclass - ok
20:08:05.0570 4364 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:08:05.0570 4364 kbdhid - ok
20:08:05.0585 4364 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:05.0585 4364 KeyIso - ok
20:08:05.0601 4364 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:08:05.0601 4364 KSecDD - ok
20:08:05.0601 4364 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:08:05.0617 4364 KSecPkg - ok
20:08:05.0617 4364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:08:05.0648 4364 ksthunk - ok
20:08:05.0648 4364 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:08:05.0679 4364 KtmRm - ok
20:08:05.0679 4364 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:08:05.0710 4364 LanmanServer - ok
20:08:05.0710 4364 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:08:05.0741 4364 LanmanWorkstation - ok
20:08:05.0741 4364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:08:05.0773 4364 lltdio - ok
20:08:05.0773 4364 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:08:05.0804 4364 lltdsvc - ok
20:08:05.0804 4364 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:08:05.0819 4364 lmhosts - ok
20:08:05.0835 4364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:08:05.0835 4364 LSI_FC - ok
20:08:05.0851 4364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:08:05.0851 4364 LSI_SAS - ok
20:08:05.0866 4364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:08:05.0866 4364 LSI_SAS2 - ok
20:08:05.0882 4364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:08:05.0882 4364 LSI_SCSI - ok
20:08:05.0897 4364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:08:05.0913 4364 luafv - ok
20:08:05.0929 4364 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:08:05.0929 4364 MBAMProtector - ok
20:08:05.0991 4364 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:08:06.0007 4364 MBAMService - ok
20:08:06.0007 4364 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
20:08:06.0022 4364 McComponentHostService - ok
20:08:06.0022 4364 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:08:06.0038 4364 Mcx2Svc - ok
20:08:06.0053 4364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:08:06.0053 4364 megasas - ok
20:08:06.0069 4364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:08:06.0069 4364 MegaSR - ok
20:08:06.0085 4364 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
20:08:06.0085 4364 MEIx64 - ok
20:08:06.0085 4364 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:08:06.0116 4364 MMCSS - ok
20:08:06.0116 4364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:08:06.0147 4364 Modem - ok
20:08:06.0147 4364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:08:06.0163 4364 monitor - ok
20:08:06.0163 4364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:08:06.0178 4364 mouclass - ok
20:08:06.0178 4364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:08:06.0178 4364 mouhid - ok
20:08:06.0194 4364 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:08:06.0194 4364 mountmgr - ok
20:08:06.0209 4364 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\dr ivers\mpio.sys
20:08:06.0209 4364 mpio - ok
20:08:06.0225 4364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:08:06.0241 4364 mpsdrv - ok
20:08:06.0256 4364 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1)
C:\Windows\system32\mpssvc.dll 20:08:06.0287 4364 MpsSvc - ok 20:08:06.0287 4364 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:08:06.0303 4364 MRxDAV - ok 20:08:06.0319 4364 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:08:06.0319 4364 mrxsmb - ok 20:08:06.0334 4364 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:08:06.0334 4364 mrxsmb10 - ok 20:08:06.0350 4364 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:08:06.0350 4364 mrxsmb20 - ok 20:08:06.0365 4364 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:08:06.0365 4364 msahci - ok 20:08:06.0381 4364 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:08:06.0381 4364 msdsm - ok 20:08:06.0381 4364 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:08:06.0397 4364 MSDTC - ok 20:08:06.0412 4364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:08:06.0428 4364 Msfs - ok 20:08:06.0428 4364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:08:06.0459 4364 mshidkmdf - ok 20:08:06.0459 4364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:08:06.0459 4364 msisadrv - ok 20:08:06.0475 4364 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:08:06.0490 4364 MSiSCSI - ok 20:08:06.0506 4364 msiserver - ok 20:08:06.0506 4364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:08:06.0537 4364 MSKSSRV - ok 20:08:06.0537 4364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:08:06.0553 4364 MSPCLOCK - ok 20:08:06.0568 4364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:08:06.0584 4364 MSPQM - ok 20:08:06.0599 4364 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) 
C:\Windows\system32\drivers\MsRPC.sys 20:08:06.0615 4364 MsRPC - ok 20:08:06.0615 4364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:08:06.0615 4364 mssmbios - ok 20:08:06.0631 4364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:08:06.0646 4364 MSTEE - ok 20:08:06.0662 4364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 20:08:06.0662 4364 MTConfig - ok 20:08:06.0662 4364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:08:06.0677 4364 Mup - ok 20:08:06.0677 4364 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:08:06.0709 4364 napagent - ok 20:08:06.0724 4364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:08:06.0724 4364 NativeWifiP - ok 20:08:06.0740 4364 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:08:06.0755 4364 NDIS - ok 20:08:06.0771 4364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:08:06.0787 4364 NdisCap - ok 20:08:06.0802 4364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:08:06.0818 4364 NdisTapi - ok 20:08:06.0818 4364 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:08:06.0849 4364 Ndisuio - ok 20:08:06.0849 4364 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:08:06.0880 4364 NdisWan - ok 20:08:06.0880 4364 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:08:06.0896 4364 NDProxy - ok 20:08:06.0911 4364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:08:06.0927 4364 NetBIOS - ok 20:08:06.0943 4364 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:08:06.0958 4364 NetBT - ok 20:08:06.0974 4364 Netlogon (c118a82cd78818c29ab228366ebf81c3) 
C:\Windows\system32\lsass.exe 20:08:06.0974 4364 Netlogon - ok 20:08:06.0989 4364 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:08:07.0005 4364 Netman - ok 20:08:07.0021 4364 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:08:07.0036 4364 netprofm - ok 20:08:07.0052 4364 netr28ux (01a8a17c17e548db1b6c2e597c0c66e6) C:\Windows\system32\DRIVERS\netr28ux.sys 20:08:07.0067 4364 netr28ux - ok 20:08:07.0083 4364 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:08:07.0083 4364 NetTcpPortSharing - ok 20:08:07.0083 4364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 20:08:07.0099 4364 nfrd960 - ok 20:08:07.0099 4364 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:08:07.0130 4364 NlaSvc - ok 20:08:07.0130 4364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:08:07.0161 4364 Npfs - ok 20:08:07.0161 4364 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:08:07.0177 4364 nsi - ok 20:08:07.0192 4364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:08:07.0208 4364 nsiproxy - ok 20:08:07.0239 4364 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:08:07.0255 4364 Ntfs - ok 20:08:07.0270 4364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:08:07.0286 4364 Null - ok 20:08:07.0301 4364 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys 20:08:07.0301 4364 NVHDA - ok 20:08:07.0379 4364 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:08:07.0504 4364 nvlddmkm - ok 20:08:07.0520 4364 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:08:07.0520 4364 nvraid - ok 20:08:07.0520 4364 nvstor 
(dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:08:07.0535 4364 nvstor - ok 20:08:07.0551 4364 NvStUSB (4dc87cda61d7b185e79618581f46b85a) C:\Windows\system32\drivers\nvstusb.sys 20:08:07.0551 4364 NvStUSB - ok 20:08:07.0567 4364 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe 20:08:07.0598 4364 nvsvc - ok 20:08:07.0613 4364 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 20:08:07.0645 4364 nvUpdatusService - ok 20:08:07.0645 4364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:08:07.0660 4364 nv_agp - ok 20:08:07.0660 4364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:08:07.0676 4364 ohci1394 - ok 20:08:07.0676 4364 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:08:07.0691 4364 ose - ok 20:08:07.0723 4364 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:08:07.0801 4364 osppsvc - ok 20:08:07.0801 4364 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:08:07.0816 4364 p2pimsvc - ok 20:08:07.0816 4364 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:08:07.0832 4364 p2psvc - ok 20:08:07.0847 4364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 20:08:07.0847 4364 Parport - ok 20:08:07.0863 4364 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 20:08:07.0863 4364 partmgr - ok 20:08:07.0879 4364 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:08:07.0879 4364 PcaSvc - ok 20:08:07.0894 4364 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:08:07.0894 4364 pci - ok 20:08:07.0910 4364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) 
C:\Windows\system32\drivers\pciide.sys 20:08:07.0910 4364 pciide - ok 20:08:07.0925 4364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 20:08:07.0925 4364 pcmcia - ok 20:08:07.0941 4364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:08:07.0941 4364 pcw - ok 20:08:07.0957 4364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:08:07.0972 4364 PEAUTH - ok 20:08:07.0988 4364 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:08:07.0988 4364 PerfHost - ok 20:08:08.0019 4364 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:08:08.0050 4364 pla - ok 20:08:08.0050 4364 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:08:08.0066 4364 PlugPlay - ok 20:08:08.0066 4364 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:08:08.0081 4364 PNRPAutoReg - ok 20:08:08.0081 4364 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:08:08.0097 4364 PNRPsvc - ok 20:08:08.0113 4364 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:08:08.0128 4364 PolicyAgent - ok 20:08:08.0144 4364 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:08:08.0159 4364 Power - ok 20:08:08.0175 4364 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:08:08.0191 4364 PptpMiniport - ok 20:08:08.0206 4364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 20:08:08.0206 4364 Processor - ok 20:08:08.0222 4364 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 20:08:08.0237 4364 ProfSvc - ok 20:08:08.0237 4364 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:08.0253 4364 ProtectedStorage - ok 20:08:08.0253 4364 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 
20:08:08.0284 4364 Psched - ok 20:08:08.0284 4364 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys 20:08:08.0300 4364 PSI - ok 20:08:08.0300 4364 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:08:08.0300 4364 PxHlpa64 - ok 20:08:08.0315 4364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 20:08:08.0347 4364 ql2300 - ok 20:08:08.0347 4364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 20:08:08.0362 4364 ql40xx - ok 20:08:08.0362 4364 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:08:08.0378 4364 QWAVE - ok 20:08:08.0393 4364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:08:08.0393 4364 QWAVEdrv - ok 20:08:08.0409 4364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:08:08.0425 4364 RasAcd - ok 20:08:08.0440 4364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:08:08.0456 4364 RasAgileVpn - ok 20:08:08.0456 4364 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:08:08.0487 4364 RasAuto - ok 20:08:08.0487 4364 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:08:08.0518 4364 Rasl2tp - ok 20:08:08.0518 4364 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:08:08.0549 4364 RasMan - ok 20:08:08.0549 4364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:08:08.0581 4364 RasPppoe - ok 20:08:08.0581 4364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:08:08.0612 4364 RasSstp - ok 20:08:08.0612 4364 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:08:08.0643 4364 rdbss - ok 20:08:08.0643 4364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 20:08:08.0659 4364 rdpbus - ok 
20:08:08.0659 4364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:08:08.0690 4364 RDPCDD - ok 20:08:08.0690 4364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:08:08.0705 4364 RDPENCDD - ok 20:08:08.0721 4364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:08:08.0737 4364 RDPREFMP - ok 20:08:08.0752 4364 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 20:08:08.0752 4364 RDPWD - ok 20:08:08.0768 4364 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:08:08.0783 4364 rdyboost - ok 20:08:08.0783 4364 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:08:08.0799 4364 RemoteAccess - ok 20:08:08.0815 4364 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:08:08.0830 4364 RemoteRegistry - ok 20:08:08.0846 4364 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:08:08.0861 4364 RpcEptMapper - ok 20:08:08.0877 4364 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:08:08.0877 4364 RpcLocator - ok 20:08:08.0893 4364 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:08:08.0908 4364 RpcSs - ok 20:08:08.0924 4364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:08:08.0939 4364 rspndr - ok 20:08:08.0955 4364 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:08:08.0955 4364 RTL8167 - ok 20:08:08.0971 4364 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:08.0971 4364 SamSs - ok 20:08:08.0986 4364 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:08:08.0986 4364 sbp2port - ok 20:08:09.0002 4364 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:08:09.0017 4364 SCardSvr - ok 20:08:09.0033 
4364 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:08:09.0049 4364 scfilter - ok 20:08:09.0064 4364 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:08:09.0095 4364 Schedule - ok 20:08:09.0095 4364 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:08:09.0111 4364 SCPolicySvc - ok 20:08:09.0127 4364 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:08:09.0142 4364 SDRSVC - ok 20:08:09.0142 4364 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 20:08:09.0142 4364 SeaPort - ok 20:08:09.0158 4364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:08:09.0173 4364 secdrv - ok 20:08:09.0173 4364 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:08:09.0205 4364 seclogon - ok 20:08:09.0236 4364 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) D:\Program Files (x86)\Secunia\PSI\PSIA.exe 20:08:09.0236 4364 Secunia PSI Agent - ok 20:08:09.0267 4364 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) D:\Program Files (x86)\Secunia\PSI\sua.exe 20:08:09.0283 4364 Secunia Update Agent - ok 20:08:09.0283 4364 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:08:09.0298 4364 SENS - ok 20:08:09.0314 4364 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:08:09.0314 4364 SensrSvc - ok 20:08:09.0329 4364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 20:08:09.0329 4364 Serenum - ok 20:08:09.0345 4364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 20:08:09.0345 4364 Serial - ok 20:08:09.0361 4364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 20:08:09.0361 4364 sermouse - ok 20:08:09.0376 4364 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:08:09.0392 
4364 SessionEnv - ok 20:08:09.0407 4364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:08:09.0407 4364 sffdisk - ok 20:08:09.0423 4364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:08:09.0423 4364 sffp_mmc - ok 20:08:09.0439 4364 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:08:09.0439 4364 sffp_sd - ok 20:08:09.0454 4364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 20:08:09.0454 4364 sfloppy - ok 20:08:09.0470 4364 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 20:08:09.0485 4364 Sftfs - ok 20:08:09.0485 4364 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 20:08:09.0501 4364 sftlist - ok 20:08:09.0501 4364 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 20:08:09.0517 4364 Sftplay - ok 20:08:09.0517 4364 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 20:08:09.0517 4364 Sftredir - ok 20:08:09.0532 4364 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 20:08:09.0532 4364 Sftvol - ok 20:08:09.0532 4364 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 20:08:09.0548 4364 sftvsa - ok 20:08:09.0548 4364 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:08:09.0579 4364 SharedAccess - ok 20:08:09.0595 4364 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:08:09.0610 4364 ShellHWDetection - ok 20:08:09.0610 4364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 20:08:09.0626 4364 SiSRaid2 - ok 20:08:09.0626 4364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 20:08:09.0641 4364 SiSRaid4 - ok 
20:08:09.0641 4364 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 20:08:09.0641 4364 SkypeUpdate - ok 20:08:09.0657 4364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:08:09.0673 4364 Smb - ok 20:08:09.0688 4364 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:08:09.0688 4364 SNMPTRAP - ok 20:08:09.0704 4364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:08:09.0704 4364 spldr - ok 20:08:09.0719 4364 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:08:09.0735 4364 Spooler - ok 20:08:09.0766 4364 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:08:09.0813 4364 sppsvc - ok 20:08:09.0829 4364 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:08:09.0844 4364 sppuinotify - ok 20:08:09.0860 4364 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:08:09.0860 4364 srv - ok 20:08:09.0875 4364 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:08:09.0891 4364 srv2 - ok 20:08:09.0891 4364 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:08:09.0907 4364 srvnet - ok 20:08:09.0907 4364 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:08:09.0938 4364 SSDPSRV - ok 20:08:09.0938 4364 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:08:09.0953 4364 SstpSvc - ok 20:08:09.0969 4364 Steam Client Service - ok 20:08:09.0969 4364 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:08:09.0969 4364 Stereo Service - ok 20:08:09.0985 4364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 20:08:09.0985 4364 stexstor - ok 20:08:10.0000 4364 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 
20:08:10.0016 4364 stisvc - ok 20:08:10.0016 4364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:08:10.0031 4364 swenum - ok 20:08:10.0031 4364 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 20:08:10.0047 4364 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 20:08:10.0047 4364 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 20:08:10.0047 4364 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:08:10.0078 4364 swprv - ok 20:08:10.0094 4364 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:08:10.0125 4364 SysMain - ok 20:08:10.0125 4364 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:08:10.0141 4364 TabletInputService - ok 20:08:10.0156 4364 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:08:10.0187 4364 TapiSrv - ok 20:08:10.0187 4364 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:08:10.0203 4364 TBS - ok 20:08:10.0234 4364 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 20:08:10.0265 4364 Tcpip - ok 20:08:10.0281 4364 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 20:08:10.0297 4364 TCPIP6 - ok 20:08:10.0312 4364 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:08:10.0328 4364 tcpipreg - ok 20:08:10.0328 4364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:08:10.0343 4364 TDPIPE - ok 20:08:10.0343 4364 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:08:10.0359 4364 TDTCP - ok 20:08:10.0359 4364 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:08:10.0390 4364 tdx - ok 20:08:10.0406 4364 TeamViewer7 (641500967e5e87cf026df0193ab84ea7) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 
20:08:10.0437 4364 TeamViewer7 - ok 20:08:10.0453 4364 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:08:10.0453 4364 TermDD - ok 20:08:10.0468 4364 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:08:10.0484 4364 TermService - ok 20:08:10.0499 4364 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:08:10.0499 4364 Themes - ok 20:08:10.0515 4364 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:08:10.0531 4364 THREADORDER - ok 20:08:10.0546 4364 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:08:10.0562 4364 TrkWks - ok 20:08:10.0562 4364 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:08:10.0593 4364 TrustedInstaller - ok 20:08:10.0593 4364 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:08:10.0609 4364 tssecsrv - ok 20:08:10.0624 4364 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:08:10.0624 4364 TsUsbFlt - ok 20:08:10.0640 4364 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 20:08:10.0640 4364 TsUsbGD - ok 20:08:10.0655 4364 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:08:10.0671 4364 tunnel - ok 20:08:10.0687 4364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 20:08:10.0687 4364 uagp35 - ok 20:08:10.0702 4364 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:08:10.0718 4364 udfs - ok 20:08:10.0733 4364 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:08:10.0733 4364 UI0Detect - ok 20:08:10.0749 4364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:08:10.0749 4364 uliagpkx - ok 20:08:10.0749 4364 umbus (dc54a574663a895c8763af0fa1ff7561) 
C:\Windows\system32\DRIVERS\umbus.sys 20:08:10.0765 4364 umbus - ok 20:08:10.0765 4364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 20:08:10.0780 4364 UmPass - ok 20:08:10.0780 4364 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:08:10.0811 4364 upnphost - ok 20:08:10.0811 4364 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:08:10.0827 4364 usbccgp - ok 20:08:10.0827 4364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:08:10.0843 4364 usbcir - ok 20:08:10.0843 4364 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 20:08:10.0858 4364 usbehci - ok 20:08:10.0858 4364 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys 20:08:10.0874 4364 usbhub - ok 20:08:10.0889 4364 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:08:10.0889 4364 usbohci - ok 20:08:10.0889 4364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:08:10.0905 4364 usbprint - ok 20:08:10.0905 4364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 20:08:10.0921 4364 usbscan - ok 20:08:10.0936 4364 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:08:10.0936 4364 USBSTOR - ok 20:08:10.0936 4364 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:08:10.0952 4364 usbuhci - ok 20:08:10.0952 4364 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:08:10.0983 4364 UxSms - ok 20:08:10.0983 4364 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:10.0983 4364 VaultSvc - ok 20:08:10.0999 4364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:08:10.0999 4364 vdrvroot - ok 20:08:11.0014 4364 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 
20:08:11.0045 4364 vds - ok 20:08:11.0045 4364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:08:11.0061 4364 vga - ok 20:08:11.0061 4364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:08:11.0077 4364 VgaSave - ok 20:08:11.0092 4364 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:08:11.0092 4364 vhdmp - ok 20:08:11.0108 4364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:08:11.0108 4364 viaide - ok 20:08:11.0123 4364 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:08:11.0123 4364 volmgr - ok 20:08:11.0139 4364 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:08:11.0139 4364 volmgrx - ok 20:08:11.0155 4364 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:08:11.0155 4364 volsnap - ok 20:08:11.0170 4364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 20:08:11.0170 4364 vsmraid - ok 20:08:11.0186 4364 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:08:11.0233 4364 VSS - ok 20:08:11.0233 4364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:08:11.0248 4364 vwifibus - ok 20:08:11.0248 4364 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:08:11.0279 4364 W32Time - ok 20:08:11.0279 4364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 20:08:11.0295 4364 WacomPen - ok 20:08:11.0295 4364 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:08:11.0326 4364 WANARP - ok 20:08:11.0326 4364 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:08:11.0342 4364 Wanarpv6 - ok 20:08:11.0357 4364 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:08:11.0373 4364 wbengine - ok 20:08:11.0389 
4364 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:08:11.0404 4364 WbioSrvc - ok 20:08:11.0404 4364 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:08:11.0420 4364 wcncsvc - ok 20:08:11.0435 4364 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:08:11.0435 4364 WcsPlugInService - ok 20:08:11.0435 4364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 20:08:11.0451 4364 Wd - ok 20:08:11.0467 4364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:08:11.0467 4364 Wdf01000 - ok 20:08:11.0482 4364 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:08:11.0498 4364 WdiServiceHost - ok 20:08:11.0498 4364 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:08:11.0513 4364 WdiSystemHost - ok 20:08:11.0529 4364 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:08:11.0529 4364 WebClient - ok 20:08:11.0545 4364 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:08:11.0560 4364 Wecsvc - ok 20:08:11.0576 4364 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:08:11.0591 4364 wercplsupport - ok 20:08:11.0607 4364 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:08:11.0623 4364 WerSvc - ok 20:08:11.0638 4364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:08:11.0654 4364 WfpLwf - ok 20:08:11.0654 4364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:08:11.0669 4364 WIMMount - ok 20:08:11.0669 4364 WinDefend - ok 20:08:11.0669 4364 WinHttpAutoProxySvc - ok 20:08:11.0685 4364 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:08:11.0701 4364 Winmgmt - ok 20:08:11.0716 4364 WinRM (bcb1310604aa415c4508708975b3931e) 
C:\Windows\system32\WsmSvc.dll 20:08:11.0763 4364 WinRM - ok 20:08:11.0763 4364 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:08:11.0779 4364 WinUsb - ok 20:08:11.0794 4364 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:08:11.0810 4364 Wlansvc - ok 20:08:11.0810 4364 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:08:11.0810 4364 wlcrasvc - ok 20:08:11.0841 4364 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:08:11.0872 4364 wlidsvc - ok 20:08:11.0872 4364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:08:11.0872 4364 WmiAcpi - ok 20:08:11.0888 4364 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:08:11.0903 4364 wmiApSrv - ok 20:08:11.0903 4364 WMPNetworkSvc - ok 20:08:11.0903 4364 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:08:11.0919 4364 WPCSvc - ok 20:08:11.0919 4364 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:08:11.0935 4364 WPDBusEnum - ok 20:08:11.0935 4364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:08:11.0950 4364 ws2ifsl - ok 20:08:11.0966 4364 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 20:08:11.0981 4364 wscsvc - ok 20:08:11.0981 4364 WSearch - ok 20:08:11.0997 4364 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 20:08:12.0044 4364 wuauserv - ok 20:08:12.0059 4364 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:08:12.0075 4364 WudfPf - ok 20:08:12.0091 4364 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:08:12.0106 4364 WUDFRd - ok 20:08:12.0106 4364 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:08:12.0137 4364 wudfsvc - ok 
20:08:12.0137 4364 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:08:12.0153 4364 WwanSvc - ok
20:08:12.0169 4364 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:08:12.0231 4364 \Device\Harddisk0\DR0 - ok
20:08:12.0231 4364 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:08:12.0247 4364 \Device\Harddisk1\DR1 - ok
20:08:12.0262 4364 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
20:08:12.0403 4364 \Device\Harddisk2\DR2 - ok
20:08:12.0761 4364 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
20:08:12.0886 4364 \Device\Harddisk3\DR3 - ok
20:08:13.0229 4364 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
20:08:13.0354 4364 \Device\Harddisk4\DR4 - ok
20:08:13.0385 4364 Boot (0x1200) (1fa00531efb1c73b1ca7796f567eccca) \Device\Harddisk0\DR0\Partition0
20:08:13.0385 4364 \Device\Harddisk0\DR0\Partition0 - ok
20:08:13.0385 4364 Boot (0x1200) (b44a4b1dfb9d5bf0d903602cb78c02c7) \Device\Harddisk1\DR1\Partition0
20:08:13.0385 4364 \Device\Harddisk1\DR1\Partition0 - ok
20:08:13.0385 4364 Boot (0x1200) (27c66fce0ac61f8dcdb1680c2a7f5b46) \Device\Harddisk2\DR2\Partition0
20:08:13.0401 4364 \Device\Harddisk2\DR2\Partition0 - ok
20:08:13.0401 4364 Boot (0x1200) (1360c5e4e238af13f7adc068cc0a6afe) \Device\Harddisk3\DR3\Partition0
20:08:13.0401 4364 \Device\Harddisk3\DR3\Partition0 - ok
20:08:13.0401 4364 Boot (0x1200) (b8bc9b0d8a707a9d85028c63e63f3021) \Device\Harddisk4\DR4\Partition0
20:08:13.0401 4364 \Device\Harddisk4\DR4\Partition0 - ok
20:08:13.0401 4364 ============================================================
20:08:13.0401 4364 Scan finished
20:08:13.0401 4364 ============================================================
20:08:13.0401 0764 Detected object count: 2
20:08:13.0401 0764 Actual detected object count: 2
20:10:51.0632 0764 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:51.0632 0764 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:51.0632 0764 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:51.0632 0764 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.03.2012, 21:05 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! Should you have trouble starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
25.03.2012, 18:52 | #12 |
| Hello Arne, I now have the ComboFix log: Code:
ATTFilter ComboFix 12-03-22.01 - admin 25.03.2012 18:48:01.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8109.6394 [GMT 2:00] ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk F:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-25 bis 2012-03-25 )))))))))))))))))))))))))))))) . . 2012-03-23 07:01 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C56A2759-055F-4D04-BD0B-5F66194AF0ED}\mpengine.dll 2012-03-22 08:14 . 2012-03-22 08:14 -------- d-----w- c:\program files\Java 2012-03-22 08:07 . 2012-03-22 08:07 -------- d-----w- C:\_OTL 2012-03-21 21:11 . 2012-03-21 21:11 -------- d-----w- c:\users\admin\Tracing 2012-03-21 21:11 . 2012-03-21 21:11 -------- d-----w- c:\windows\en 2012-03-21 21:08 . 2012-03-21 21:08 -------- d-----w- c:\windows\es 2012-03-21 21:08 . 2012-03-21 21:08 -------- d-----w- c:\windows\de 2012-03-21 21:08 . 2012-03-21 21:08 -------- d-----w- c:\windows\nl 2012-03-21 21:03 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2012-03-21 21:03 . 2012-03-21 21:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11d7f7cd1cd07a602\MeshBetaRemover.exe 2012-03-21 21:03 . 
2012-03-21 21:03 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\DSETUP.dll 2012-03-21 21:03 . 2012-03-21 21:03 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\DXSETUP.exe 2012-03-21 21:03 . 2012-03-21 21:03 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb829711cd07a601\dsetup32.dll 2012-03-21 21:03 . 2012-03-21 21:11 -------- d-----w- c:\users\admin\AppData\Local\Windows Live 2012-03-21 08:15 . 2012-03-21 08:15 -------- d-----w- c:\programdata\PACE Anti-Piracy 2012-03-21 08:09 . 2012-03-21 08:09 -------- d-----w- c:\users\Tobias 2012-03-21 08:06 . 2012-03-22 08:14 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-21 08:06 . 2012-03-22 08:14 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-21 08:00 . 2012-03-21 08:00 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-03-21 08:00 . 2012-03-21 08:00 -------- d-----r- c:\program files (x86)\Skype 2012-03-21 07:56 . 2012-03-21 07:56 -------- d-----w- c:\users\admin\AppData\Local\Secunia PSI 2012-03-18 23:26 . 2012-03-18 23:26 -------- d-----w- c:\program files (x86)\ESET 2012-03-18 22:49 . 2012-03-18 22:49 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes 2012-03-18 22:49 . 2012-03-18 22:49 -------- d-----w- c:\programdata\Malwarebytes 2012-03-18 22:49 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-14 21:17 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 21:17 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 21:17 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 17:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 17:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 17:33 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 17:32 . 
2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 17:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 17:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 17:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 17:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 17:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 17:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 20:03 . 2012-03-13 20:03 -------- d-----w- c:\programdata\ALM 2012-03-13 19:47 . 2012-03-13 19:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2012-03-13 19:47 . 2012-03-13 19:47 -------- d-----w- c:\program files (x86)\My Company Name 2012-03-13 19:47 . 2012-03-13 19:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared 2012-03-13 19:46 . 2012-03-13 20:51 -------- d-----w- c:\program files\Common Files\Adobe 2012-03-11 16:37 . 2007-12-07 01:08 108032 ----a-w- c:\windows\system32\E_ILMEFE.DLL 2012-03-11 16:37 . 2007-12-07 01:01 81408 ----a-w- c:\windows\system32\E_IBCBEFE.DLL 2012-03-11 16:37 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2012-03-11 16:37 . 2012-03-11 16:37 -------- d-----w- c:\programdata\EPSON 2012-03-08 21:31 . 2012-03-08 21:31 -------- d-----w- c:\users\admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR 2012-03-08 16:09 . 2012-03-08 16:09 -------- d-----w- c:\users\admin\AppData\Roaming\GMX 2012-03-08 16:09 . 2012-03-08 16:09 -------- d-----w- c:\programdata\GMX 2012-03-08 16:09 . 2009-12-02 16:20 135168 ----a-w- c:\windows\system32\UIGMXMON.DLL 2012-03-01 19:48 . 
2012-03-01 20:51 -------- d-----w- c:\users\admin\AppData\Roaming\FileZilla . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-21 07:58 . 2011-12-01 16:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-10 18:55 . 2011-12-01 16:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-16 19:52 . 2011-12-17 16:08 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-11 10:14 . 2012-02-11 10:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-02-11 10:14 . 2012-02-11 10:14 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-02-11 10:14 . 2012-02-11 10:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-02-11 10:14 . 2012-02-11 10:14 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-01-04 22:39 . 2012-01-04 22:39 576536 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe 2012-01-04 10:44 . 2012-02-16 19:57 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-16 19:57 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2011-12-30 06:26 . 2012-02-16 19:57 515584 ----a-w- c:\windows\system32\timedate.cpl 2011-12-30 05:27 . 2012-02-16 19:57 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2011-12-28 03:59 . 2012-02-16 19:57 498688 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-12-06 1242448] "FileHippo.com"="d:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="d:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="d:\program files (x86)\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . 
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - d:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 
57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;d:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 
NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-03-25 c:\windows\Tasks\SDMsgUpdate (TE).job - d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-02-12 18:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxpdy2mc.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . d:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-03-25 19:31:15 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-25 17:31 . Vor Suchlauf: 6.590.414.848 Bytes frei Nach Suchlauf: 6.412.816.384 Bytes frei . - - End Of File - - 17EC91EC6C54864BC71A90196C4E3282 Tobias |
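The ComboFix report above lists the machine's persistence points in three shapes: regedit-style `"Name"="path" [date size]` values under the Run keys, `Something.lnk - path [date size]` lines for the Startup folders, and `R3/S2 name;display;path [date size]` lines for services and drivers, with `[x]` where ComboFix recorded no date and size. The following is an added example, not code from the thread or from ComboFix: a small Python triage pass over such lines that parses all three shapes and flags entries whose binary lives in a user-writable location or that carry no file metadata. The sample lines are copied from the log above and embedded as a constructed input; the "user-writable" markers and the flagging rules are this example's own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above
# (Run values, one Startup-folder shortcut, and two service lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-12-06 1242448]
"FileHippo.com"="d:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
"""

# One regex per line shape ComboFix emits in the autostart section.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]')
SHORTCUT = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>\S+) (?P<size>\d+)\]')
SERVICE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>x|\S+ \d+)\]')

# Heuristic (this example's assumption): a standard user can write here, so an
# autostart binary in one of these trees deserves a second look even when the
# product is familiar. Dropbox is legitimate here; the point is the path pattern.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str           # "run", "startup" or "service"
    name: str
    path: str
    key: str            # registry key or Startup folder the entry came from; "" for services
    has_metadata: bool  # False when ComboFix printed [x] instead of a date and size


def parse_combofix_autostart(text):
    """Turn the autostart section of a ComboFix log into Entry records."""
    entries, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):              # regedit-style key header
            current_key = line.strip("[]")
            continue
        if line.lower().endswith("\\startup\\"):   # Startup folder header
            current_key = line
            continue
        if m := RUN_VALUE.match(line):
            entries.append(Entry("run", m["name"], m["path"], current_key, True))
        elif m := SHORTCUT.match(line):
            entries.append(Entry("startup", m["name"], m["path"], current_key, True))
        elif m := SERVICE.match(line):
            entries.append(Entry("service", m["name"], m["path"], "", m["meta"] != "x"))
    return entries


def flag_entries(entries):
    """Return (entry, reason) pairs that a reviewer should look at first."""
    flagged = []
    for e in entries:
        path = e.path.lower()
        if any(marker in path for marker in USER_WRITABLE):
            flagged.append((e, "binary lives in a user-writable location"))
        elif not e.has_metadata:
            flagged.append((e, "ComboFix recorded no date/size for the file"))
    return flagged


def triage(text):
    """Map entry name -> reason for everything flagged in a log."""
    return {e.name: reason for e, reason in flag_entries(parse_combofix_autostart(text))}


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG).items():
        print(f"{name}: {reason}")
```

Run against a full ComboFix log the same parser picks up every Run value, Startup shortcut and service line; anything it flags still has to be judged by hand against the file's signer and install history, which is exactly what the helpers in this thread do with these reports.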
26.03.2012, 11:59 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: please turn off your virus scanner before running aswMBR, as Avira in particular often reports a false positive on it!
28.03.2012, 06:52 | #14 |
| Hello Arne, I ran the scan as described. This is what came out: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 07:47:15
-----------------------------
07:47:15.793 OS Version: Windows x64 6.1.7601 Service Pack 1
07:47:15.793 Number of processors: 4 586 0x2A07
07:47:15.793 ComputerName: ADMIN-PC UserName: admin
07:47:15.871 Initialize success
07:48:35.469 AVAST engine defs: 12032702
07:49:35.779 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:49:35.779 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
07:49:35.794 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
07:49:35.794 Disk 1 Vendor: M4-CT064 0009 Size: 61057MB BusType: 3
07:49:35.794 Disk 1 MBR read successfully
07:49:35.794 Disk 1 MBR scan
07:49:35.794 Disk 1 Windows 7 default MBR code
07:49:35.810 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61056 MB offset 2048
07:49:35.810 Disk 1 scanning C:\Windows\system32\drivers
07:49:37.729 Service scanning
07:49:42.799 Modules scanning
07:49:42.799 Disk 1 trace - called modules:
07:49:42.799 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:49:42.815 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80094b2060]
07:49:42.815 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80082bd050]
07:49:42.924 AVAST engine scan C:\Windows
07:49:43.345 AVAST engine scan C:\Windows\system32
07:50:24.309 AVAST engine scan C:\Windows\system32\drivers
07:50:26.478 AVAST engine scan C:\Users\admin
07:50:28.272 File: C:\Users\admin\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
07:50:28.303 File: C:\Users\admin\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
07:50:31.829 AVAST engine scan C:\ProgramData
07:50:37.710 Scan finished successfully
07:50:57.023 Disk 1 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
07:50:57.023 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
Tobias |
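Two of the logs in this thread look at the same 512 bytes from different angles: the TDSSKiller tail prints one MD5 per physical disk labelled `MBR (0x1B8)`, and aswMBR reports "Windows 7 default MBR code", prints the partition table entry (`80 (A) 07 ... 61056 MB offset 2048`) and saves the boot disk's sector to `MBR.dat`. The following is an added example, not code from the thread or from either tool: a Python reader for such a raw MBR image that hashes the bootstrap area, decodes the partition table, and compares the hash against a baseline. Assumptions made here: `0x1B8` (440) in TDSSKiller's label is taken to be the number of bootstrap bytes hashed; the baseline's only entry is the hash TDSSKiller reported for `\Device\Harddisk1\DR1` in this thread, the disk aswMBR called Windows 7 default code, and it should be replaced with hashes from your own clean images; the sample MBR is constructed (zero-filled bootstrap, one partition entry mirroring aswMBR's Disk 1 line), so it deliberately does not match the baseline.

```python
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 0x1B8        # assumption: bytes covered by TDSSKiller's "MBR (0x1B8)" hash
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries start here
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"

# Baseline of known-good bootstrap hashes. The single value is the one TDSSKiller
# reported above for \Device\Harddisk1\DR1, the disk aswMBR identified as
# "Windows 7 default MBR code". Build your own list from clean images.
KNOWN_GOOD_BOOTSTRAP_MD5 = {
    "a36c5e4f47e84449ff07ed3517b43a31": "Windows 7 default MBR code (TDSSKiller log in this thread)",
}


def build_sample_mbr():
    """Constructed 512-byte MBR: zero-filled bootstrap, one active NTFS partition
    at LBA 2048 spanning 61056 MB, matching aswMBR's Disk 1 partition line."""
    mbr = bytearray(SECTOR)
    sectors = 61056 * 1024 * 1024 // SECTOR                       # 125042688 sectors
    entry = struct.pack(PART_ENTRY, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, sectors)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[0x1B8:0x1BC] = b"\x11\x22\x33\x44"                        # arbitrary disk signature
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the bootstrap MD5 and the decoded partition table of one sector."""
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("truncated sector or missing 0x55AA boot signature")
    bootstrap_md5 = hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest()
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype == 0:                     # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": bool(status & 0x80),  # aswMBR shows this as "80 (A)"
            "type": ptype,                  # 0x07 = HPFS/NTFS
            "offset": lba,                  # in sectors, aswMBR's "offset 2048"
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {"bootstrap_md5": bootstrap_md5, "partitions": partitions}


def check_bootstrap(mbr):
    """Compare the bootstrap hash with the baseline; unknown is not malicious,
    it only means the code must be compared with a clean image by hand."""
    info = parse_mbr(mbr)
    verdict = KNOWN_GOOD_BOOTSTRAP_MD5.get(
        info["bootstrap_md5"], "unknown bootstrap code: compare against a clean image")
    return info["bootstrap_md5"], verdict


def load_mbr(path):
    """Read an MBR image such as the MBR.dat that aswMBR wrote to the desktop."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    sample = build_sample_mbr()
    print(parse_mbr(sample))
    print(check_bootstrap(sample))
```

Point `load_mbr()` at the saved `MBR.dat` to get the same two facts the tools printed: whether the bootstrap code matches a known-good hash and whether the partition table still describes the expected active NTFS partition at offset 2048. A hash that is identical across several disks, as for DR2 to DR4 above, is what you expect from disks partitioned by the same installer; a hash you cannot match is a reason to dump and compare the code, not yet a detection.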
28.03.2012, 11:29 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!