Bundepolizei Trojaner - ...\Temporary Internet Files\Content.IE5\TFYDY7IU\91_217_200_105[1].htm

covellite · 24.03.2012, 16:35

Hallo,

also, als Erstes, bitte entschuldigt mein schlechtes Deutsch - das ist nicht meine Muttersprache. Ich werde mein Bestes geben, mich verständlich auszudrucken.

Ich suche Hilfe mit der Entfernung dieses Trojaner. Avira kriegt das nicht hin und ich kenne mich leider nicht damit aus

Wenn ich mich mit dem 'Admin' Konto anmelde, erscheint fast sofort diese 'Bundespolizei' Meldung - Task Manager lässt sich nicht ausführen und ich habe keinen Zugriff aufs Desktop.

Habe von einem anderen Konto aus eine Vollständige Systemprüfung mit Avira laufen lassen und den Befund in Quarantäne gestellt - trotzdem bleibt das Problem bestehen.

Habe inzwischen gemerket, das ich beim infizierten Konto mit Alt+Tab zu Windows Explorer wechseln kann. Lass dann Avira nochmal darüber laufen, stelle alles wieder in Quarantäne - gleiches Ergebnis.

3. Versuch mit Avira - diesmal wähle ich 'Löschen' aus. Aber das Problem ist immer noch da.

Ich habe keine Ahnung, was ich als Nächstes tun soll.

Es folgen die gewünschte Log-Dateien. Ich habe die Logs von Avira gezippt und angehängt.

Bin dankbar für jedliche Hilfe!

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 24/03/2012 (Mareike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
Run by Mareike at 15:53:23 on 2012-03-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.6053 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskmgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] 
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>] 
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
StartupFolder: C:\Users\Mareike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{718BAB93-B443-45C1-9497-4ADF3B94C612} : DhcpNameServer = 192.168.2.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{AE7CD045-E861-484f-8273-0445EE161910}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [(Standard)] 
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-13 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-13 269480]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-6-21 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-6-21 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-23 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-13 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-03-19 08:38:38	592824	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 08:38:38	44472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 05:53:47	5559152	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:53:47	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53:47	3913584	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 05:50:54	8643640	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52B71A7E-0919-449C-8D50-5A0AA6607511}\mpengine.dll
2012-03-14 05:50:45	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-03-14 05:50:45	1544192	----a-w-	C:\Windows\System32\DWrite.dll
2012-03-14 05:50:44	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-03-14 05:50:44	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-03-14 05:50:44	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-03-14 05:50:44	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 05:50:44	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 05:50:44	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-03-14 05:50:44	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-03-14 05:50:44	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-03-11 19:23:51	306688	----a-w-	C:\Windows\IsUninst.exe
.
==================== Find3M  ====================
.
2012-02-23 09:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-10 03:14:04	6074176	----a-w-	C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01	3089728	----a-w-	C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:03	2561856	----a-w-	C:\Windows\System32\nvsvcr.dll
2012-02-10 03:07:00	889664	----a-w-	C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00	63296	----a-w-	C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00	118080	----a-w-	C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59	2497985	----a-w-	C:\Windows\System32\nvcoproc.bin
2012-01-17 12:46:01	31040	----a-w-	C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56	188224	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55	1451840	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2012-01-04 10:44:20	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08	515584	----a-w-	C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2011-12-27 13:51:57	18960	----a-w-	C:\Windows\System32\drivers\LNonPnP.sys
2011-05-15 05:35:09	12535496	----a-w-	C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 15:53:42,43 ===============

cosinus · 25.03.2012, 17:32

Welche Sprache ist denn deine Muttersprache? Niederländisch?

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

covellite · 26.03.2012, 07:24

Nee. Ich bin Neuseelander

Hier das Log

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mareike :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.03.2012 07:37:23
mbam-log-2012-03-26 (07-37-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496959
Laufzeit: 40 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Admin\AppData\Local\Temp\0.29425783270396944.exe (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.29425783270396944.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Muss jetzt zur Arbeit. ESET Scan mache ich nacher.

cosinus · 26.03.2012, 12:48

Na, als Neuseeländer wirst du ja Englisch können oder?

Wenn es bei dir mit dem Text auf Deutsch nicht immer klappt, dann poste ruhig auf Englisch, das sollte ich auch verstehen

covellite · 26.03.2012, 19:39

Roger that

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c14860959cdb594f835fe7b2d542000e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-26 06:34:48
# local_time=2012-03-26 08:34:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 189401 107679082 181692 0
# compatibility_mode=5893 16776574 100 94 723707 84412368 0 0
# compatibility_mode=8192 67108863 100 0 544 544 0 0
# scanned=271313
# found=3
# cleaned=0
# scan_time=4538
C:\Users\Admin\AppData\Local\Temp\Main.class	a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2fb62d5f-242a4104	a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
T:\Important Apps and Drivers\freeripmp3-setup.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

cosinus · 26.03.2012, 21:16

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

covellite · 27.03.2012, 06:17

Alles klar. Hier die OTL Ergebnisse.

Code:

ATTFilter

OTL logfile created on: 27.03.2012 06:58:26 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mareike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,78% Memory free
15,95 Gb Paging File | 14,30 Gb Available in Paging File | 89,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 27,66 Gb Free Space | 23,21% Space Free | Partition Type: NTFS
Drive D: | 642,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 7,45 Gb Total Space | 7,44 Gb Free Space | 99,90% Space Free | Partition Type: FAT32
Drive T: | 931,51 Gb Total Space | 790,50 Gb Free Space | 84,86% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.27 06:54:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.06.29 08:22:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.23 18:59:18 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2011.06.21 07:05:09 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2011.06.21 07:04:52 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2011.06.20 20:00:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 20:05:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll
MOD - [2012.02.21 19:36:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.21 19:36:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.21 19:36:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.21 19:36:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.21 19:36:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.21 19:35:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.21 19:35:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.21 19:35:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.03 15:10:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.10.22 18:01:18 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011.10.22 14:50:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.21 07:05:09 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2011.06.21 07:04:32 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll
MOD - [2011.06.21 07:04:31 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.29 08:22:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.25 12:08:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.23 18:59:18 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2011.06.21 07:05:09 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011.06.21 07:04:52 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2011.06.20 20:00:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.11.01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.06.29 08:22:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 08:22:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.21 07:04:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.08.10 11:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.15 09:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.20 21:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 10:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.17 07:46:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.20 21:56:21 | 000,000,000 | ---D | M]
 
[2011.05.13 18:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Extensions
[2012.03.15 09:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\gl03g850.default\extensions
[2012.03.11 11:24:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\gl03g850.default\extensions\support@lastpass.com
[2012.02.22 16:31:58 | 000,000,933 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\11-suche.xml
[2012.02.22 16:31:58 | 000,002,419 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\englische-ergebnisse.xml
[2012.02.22 16:31:58 | 000,010,525 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\gmx-suche.xml
[2012.02.22 16:31:58 | 000,002,457 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\lastminute.xml
[2012.02.22 16:31:58 | 000,005,508 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\searchplugins\webde-suche.xml
[2012.01.16 09:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.15 09:44:05 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.03.19 10:38:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.30 18:38:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 18:38:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 18:38:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 18:38:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 18:38:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 18:38:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\Register\RegistrationReminder.exe (Ubisoft)
O4 - Startup: C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{718BAB93-B443-45C1-9497-4ADF3B94C612}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.04.30 18:57:48 | 000,001,452 | R--- | M] () - D:\Autorun.ini -- [ UDF ]
O32 - AutoRun File - [2001.02.13 02:04:06 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: AthBtTray - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: AtherosBtStack - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 06:54:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
[2012.03.26 19:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.26 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\Mareike\Desktop\Virenbekämpfung
[2012.03.26 07:33:08 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Roaming\Malwarebytes
[2012.03.26 07:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.26 07:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.26 07:32:48 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.26 07:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.12 21:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.12 08:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2011.05.15 07:35:09 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 06:57:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 06:57:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 06:54:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 06:54:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 06:54:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 06:54:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 06:54:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 06:54:46 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mareike\Desktop\OTL.exe
[2012.03.27 06:50:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 06:50:36 | 2129,350,655 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 16:52:14 | 000,000,000 | ---- | M] () -- C:\Users\Mareike\defogger_reenable
[2012.03.19 11:17:38 | 002,621,370 | ---- | M] () -- C:\Users\Mareike\Desktop\Mareike-Arnold_Arbeitsproben.pdf
[2012.03.14 08:12:25 | 004,889,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 13:09:26 | 014,831,142 | ---- | M] () -- C:\Users\Mareike\Desktop\IMG_001.bmp
 
========== Files Created - No Company Name ==========
 
[2012.03.24 16:52:14 | 000,000,000 | ---- | C] () -- C:\Users\Mareike\defogger_reenable
[2012.03.19 10:50:27 | 002,621,370 | ---- | C] () -- C:\Users\Mareike\Desktop\Mareike-Arnold_Arbeitsproben.pdf
[2012.03.11 21:53:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate
[2012.03.01 13:09:54 | 014,831,142 | ---- | C] () -- C:\Users\Mareike\Desktop\IMG_001.bmp
[2012.01.25 20:15:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.02 20:52:55 | 000,000,218 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.01.02 20:51:55 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.12.26 00:04:49 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.26 00:04:48 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.26 00:04:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.26 00:04:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.26 00:04:48 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.26 00:04:48 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.26 00:04:48 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.26 00:04:48 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.26 00:04:48 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.26 00:04:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.26 00:04:48 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.26 00:04:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.26 00:04:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.26 00:04:48 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.26 00:04:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.26 00:04:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.26 00:04:48 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.26 00:04:48 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.26 00:04:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.26 00:04:13 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V500DEFGIPSRUk.ini
[2011.12.07 02:55:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.07.05 06:21:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.04 07:40:08 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.06.23 19:26:42 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011.06.23 19:25:54 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.06.21 07:06:29 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.21 07:06:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.06.20 20:01:20 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.20 20:00:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.13 17:03:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.13 06:24:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.13 06:24:01 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.25 14:09:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2012.01.02 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011.09.18 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager
[2011.12.26 01:38:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2012.01.20 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2011.10.27 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia Ovi Suite
[2011.10.30 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2011.09.22 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2012.02.10 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.10.04 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2011.12.26 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.03.27 06:52:18 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Dropbox
[2011.07.12 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\elsterformular
[2011.12.20 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\PC Suite
[2011.07.06 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.19 18:59:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.26 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Adobe
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Adobe Mini Bridge CS5.1
[2011.09.13 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Avira
[2011.12.26 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.03.27 06:52:18 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Dropbox
[2011.07.12 10:05:26 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\elsterformular
[2011.05.13 17:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Identities
[2011.05.13 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Intel Corporation
[2011.05.15 07:37:47 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Macromedia
[2012.03.26 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Media Center Programs
[2012.03.27 06:57:56 | 000,000,000 | --SD | M] -- C:\Users\Mareike\AppData\Roaming\Microsoft
[2011.05.13 18:00:22 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\Mozilla
[2012.02.23 08:54:00 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\NVIDIA
[2011.12.20 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\PC Suite
[2011.07.06 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware
[2011.07.08 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mareike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mareike\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.21 13:44:35 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mareike\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.11.21 13:45:18 | 029,226,840 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\SaalDesignSoftware\Local Store\temp\SaalDesignSoftware2.9.2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 828 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

cosinus · 27.03.2012, 11:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=fa0964e100000000000000268312aa4d
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-524135167-1331212544-534617269-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=fa0964e100000000000000268312aa4d
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q="
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-524135167-1331212544-534617269-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

covellite · 27.03.2012, 18:03

Hi Arne,

ich habe den OTL-fix ausgeführt. Unten das Log...

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=fa0964e100000000000000268312aa4d&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-524135167-1331212544-534617269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 1879711404 bytes
->Temporary Internet Files folder emptied: 10200778 bytes
->Java cache emptied: 886054 bytes
->FireFox cache emptied: 314396256 bytes
->Flash cache emptied: 1669 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 314101 bytes
->Temporary Internet Files folder emptied: 49308364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31986819 bytes
->Flash cache emptied: 57336 bytes
 
User: Mareike
->Temp folder emptied: 10227680 bytes
->Temporary Internet Files folder emptied: 383059 bytes
->Java cache emptied: 1396693 bytes
->FireFox cache emptied: 556923325 bytes
->Flash cache emptied: 80902 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28499596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.751,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_182051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 27.03.2012, 19:38

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

covellite · 27.03.2012, 20:35

So gemacht...

Code:

ATTFilter

21:31:03.0905 2376	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:31:04.0157 2376	============================================================
21:31:04.0157 2376	Current date / time: 2012/03/27 21:31:04.0157
21:31:04.0157 2376	SystemInfo:
21:31:04.0157 2376	
21:31:04.0157 2376	OS Version: 6.1.7601 ServicePack: 1.0
21:31:04.0157 2376	Product type: Workstation
21:31:04.0158 2376	ComputerName: ***
21:31:04.0158 2376	UserName: ***
21:31:04.0158 2376	Windows directory: C:\Windows
21:31:04.0158 2376	System windows directory: C:\Windows
21:31:04.0158 2376	Running under WOW64
21:31:04.0158 2376	Processor architecture: Intel x64
21:31:04.0158 2376	Number of processors: 4
21:31:04.0158 2376	Page size: 0x1000
21:31:04.0158 2376	Boot type: Normal boot
21:31:04.0158 2376	============================================================
21:31:04.0448 2376	Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:04.0449 2376	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:04.0459 2376	\Device\Harddisk0\DR0:
21:31:04.0460 2376	MBR used
21:31:04.0460 2376	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:31:04.0460 2376	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
21:31:04.0460 2376	\Device\Harddisk1\DR1:
21:31:04.0460 2376	MBR used
21:31:04.0460 2376	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:31:04.0503 2376	Initialize success
21:31:04.0503 2376	============================================================
21:31:37.0327 3376	============================================================
21:31:37.0327 3376	Scan started
21:31:37.0327 3376	Mode: Manual; SigCheck; TDLFS; 
21:31:37.0327 3376	============================================================
21:31:37.0396 3376	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:31:37.0456 3376	1394ohci - ok
21:31:37.0468 3376	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:31:37.0485 3376	ACPI - ok
21:31:37.0493 3376	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:31:37.0516 3376	AcpiPmi - ok
21:31:37.0529 3376	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:31:37.0550 3376	adp94xx - ok
21:31:37.0562 3376	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:31:37.0580 3376	adpahci - ok
21:31:37.0590 3376	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:31:37.0604 3376	adpu320 - ok
21:31:37.0613 3376	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:31:37.0671 3376	AeLookupSvc - ok
21:31:37.0684 3376	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:31:37.0705 3376	AFD - ok
21:31:37.0713 3376	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:31:37.0724 3376	agp440 - ok
21:31:37.0731 3376	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:31:37.0748 3376	ALG - ok
21:31:37.0755 3376	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:31:37.0765 3376	aliide - ok
21:31:37.0773 3376	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:31:37.0783 3376	amdide - ok
21:31:38.0293 3376	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:31:38.0309 3376	AmdK8 - ok
21:31:38.0316 3376	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:31:38.0331 3376	AmdPPM - ok
21:31:38.0339 3376	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:31:38.0352 3376	amdsata - ok
21:31:38.0361 3376	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:31:38.0375 3376	amdsbs - ok
21:31:38.0382 3376	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:31:38.0392 3376	amdxata - ok
21:31:38.0397 3376	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:31:38.0409 3376	AntiVirSchedulerService - ok
21:31:38.0416 3376	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:31:38.0427 3376	AntiVirService - ok
21:31:38.0435 3376	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:31:38.0477 3376	AppID - ok
21:31:38.0484 3376	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:31:38.0527 3376	AppIDSvc - ok
21:31:38.0535 3376	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:31:38.0576 3376	Appinfo - ok
21:31:38.0584 3376	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:31:38.0596 3376	arc - ok
21:31:38.0605 3376	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:31:38.0616 3376	arcsas - ok
21:31:38.0629 3376	asComSvc        (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
21:31:38.0680 3376	asComSvc - ok
21:31:38.0694 3376	asHmComSvc      (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
21:31:38.0718 3376	asHmComSvc - ok
21:31:38.0725 3376	AsIO            (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
21:31:38.0731 3376	AsIO - ok
21:31:38.0741 3376	AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
21:31:38.0758 3376	AsSysCtrlService - ok
21:31:38.0765 3376	AsUpIO          (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
21:31:38.0772 3376	AsUpIO - ok
21:31:38.0779 3376	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:38.0822 3376	AsyncMac - ok
21:31:38.0830 3376	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:31:38.0840 3376	atapi - ok
21:31:38.0847 3376	AthBTPort       (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
21:31:38.0855 3376	AthBTPort - ok
21:31:38.0862 3376	ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
21:31:38.0871 3376	ATHDFU - ok
21:31:38.0875 3376	AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:31:38.0881 3376	AtherosSvc - ok
21:31:38.0896 3376	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:38.0949 3376	AudioEndpointBuilder - ok
21:31:38.0960 3376	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:31:39.0009 3376	AudioSrv - ok
21:31:39.0019 3376	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:31:39.0027 3376	avgntflt - ok
21:31:39.0036 3376	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:31:39.0044 3376	avipbb - ok
21:31:39.0053 3376	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:31:39.0079 3376	AxInstSV - ok
21:31:39.0091 3376	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:31:39.0111 3376	b06bdrv - ok
21:31:39.0122 3376	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:31:39.0139 3376	b57nd60a - ok
21:31:39.0149 3376	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:31:39.0164 3376	BDESVC - ok
21:31:39.0172 3376	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:31:39.0214 3376	Beep - ok
21:31:39.0230 3376	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:31:39.0283 3376	BFE - ok
21:31:39.0299 3376	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:31:39.0355 3376	BITS - ok
21:31:39.0363 3376	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:31:39.0377 3376	blbdrive - ok
21:31:39.0386 3376	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:31:39.0399 3376	bowser - ok
21:31:39.0407 3376	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:31:39.0424 3376	BrFiltLo - ok
21:31:39.0431 3376	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:31:39.0448 3376	BrFiltUp - ok
21:31:39.0456 3376	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:31:39.0499 3376	Browser - ok
21:31:39.0510 3376	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:31:39.0530 3376	Brserid - ok
21:31:39.0538 3376	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:31:39.0555 3376	BrSerWdm - ok
21:31:39.0562 3376	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:31:39.0580 3376	BrUsbMdm - ok
21:31:39.0587 3376	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:31:39.0600 3376	BrUsbSer - ok
21:31:39.0611 3376	BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
21:31:39.0623 3376	BTATH_A2DP - ok
21:31:39.0631 3376	BTATH_BUS       (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
21:31:39.0638 3376	BTATH_BUS - ok
21:31:39.0647 3376	BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:31:39.0657 3376	BTATH_HCRP - ok
21:31:39.0665 3376	BTATH_LWFLT     (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:31:39.0673 3376	BTATH_LWFLT - ok
21:31:39.0682 3376	BTATH_RCP       (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:31:39.0691 3376	BTATH_RCP - ok
21:31:39.0703 3376	BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
21:31:39.0715 3376	BtFilter - ok
21:31:39.0723 3376	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:31:39.0737 3376	BthEnum - ok
21:31:39.0745 3376	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:31:39.0762 3376	BTHMODEM - ok
21:31:39.0771 3376	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:31:39.0789 3376	BthPan - ok
21:31:39.0802 3376	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:31:39.0824 3376	BTHPORT - ok
21:31:39.0832 3376	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:31:39.0875 3376	bthserv - ok
21:31:39.0883 3376	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:31:39.0897 3376	BTHUSB - ok
21:31:39.0905 3376	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:31:39.0949 3376	cdfs - ok
21:31:39.0959 3376	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:31:39.0975 3376	cdrom - ok
21:31:39.0983 3376	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:40.0026 3376	CertPropSvc - ok
21:31:40.0034 3376	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:31:40.0052 3376	circlass - ok
21:31:40.0063 3376	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:31:40.0081 3376	CLFS - ok
21:31:40.0086 3376	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:40.0096 3376	clr_optimization_v2.0.50727_32 - ok
21:31:40.0101 3376	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:40.0111 3376	clr_optimization_v2.0.50727_64 - ok
21:31:40.0120 3376	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:31:40.0136 3376	CmBatt - ok
21:31:40.0143 3376	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:31:40.0153 3376	cmdide - ok
21:31:40.0167 3376	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:31:40.0195 3376	CNG - ok
21:31:40.0203 3376	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:31:40.0213 3376	Compbatt - ok
21:31:40.0221 3376	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:31:40.0238 3376	CompositeBus - ok
21:31:40.0245 3376	COMSysApp - ok
21:31:40.0254 3376	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:31:40.0264 3376	crcdisk - ok
21:31:40.0275 3376	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:31:40.0318 3376	CryptSvc - ok
21:31:40.0334 3376	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:40.0388 3376	DcomLaunch - ok
21:31:40.0398 3376	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:31:40.0445 3376	defragsvc - ok
21:31:40.0454 3376	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:31:40.0496 3376	DfsC - ok
21:31:40.0508 3376	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:31:40.0554 3376	Dhcp - ok
21:31:40.0563 3376	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:31:40.0606 3376	discache - ok
21:31:40.0614 3376	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:31:40.0625 3376	Disk - ok
21:31:40.0634 3376	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:31:40.0650 3376	Dnscache - ok
21:31:40.0659 3376	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:31:40.0705 3376	dot3svc - ok
21:31:40.0713 3376	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:31:40.0756 3376	DPS - ok
21:31:40.0763 3376	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:31:40.0780 3376	drmkaud - ok
21:31:40.0799 3376	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:40.0827 3376	DXGKrnl - ok
21:31:40.0839 3376	e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
21:31:40.0852 3376	e1cexpress - ok
21:31:40.0860 3376	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:31:40.0905 3376	EapHost - ok
21:31:40.0948 3376	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:31:41.0015 3376	ebdrv - ok
21:31:41.0023 3376	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:31:41.0036 3376	EFS - ok
21:31:41.0047 3376	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:31:41.0073 3376	ehRecvr - ok
21:31:41.0079 3376	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:31:41.0094 3376	ehSched - ok
21:31:41.0107 3376	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:31:41.0129 3376	elxstor - ok
21:31:41.0137 3376	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:31:41.0150 3376	ErrDev - ok
21:31:41.0165 3376	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:31:41.0214 3376	EventSystem - ok
21:31:41.0224 3376	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:31:41.0269 3376	exfat - ok
21:31:41.0279 3376	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:31:41.0325 3376	fastfat - ok
21:31:41.0333 3376	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:31:41.0347 3376	fdc - ok
21:31:41.0354 3376	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:31:41.0396 3376	fdPHost - ok
21:31:41.0404 3376	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:31:41.0447 3376	FDResPub - ok
21:31:41.0455 3376	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:31:41.0466 3376	FileInfo - ok
21:31:41.0473 3376	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:31:41.0517 3376	Filetrace - ok
21:31:41.0525 3376	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:31:41.0538 3376	flpydisk - ok
21:31:41.0549 3376	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:31:41.0565 3376	FltMgr - ok
21:31:41.0585 3376	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:31:41.0617 3376	FontCache - ok
21:31:41.0622 3376	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:31:41.0630 3376	FontCache3.0.0.0 - ok
21:31:41.0638 3376	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:31:41.0649 3376	FsDepends - ok
21:31:41.0657 3376	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:41.0666 3376	Fs_Rec - ok
21:31:41.0676 3376	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:31:41.0694 3376	fvevol - ok
21:31:41.0702 3376	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:31:41.0713 3376	gagp30kx - ok
21:31:41.0728 3376	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:31:41.0782 3376	gpsvc - ok
21:31:41.0793 3376	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:31:41.0806 3376	hcw85cir - ok
21:31:41.0817 3376	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:31:41.0840 3376	HdAudAddService - ok
21:31:41.0849 3376	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:41.0867 3376	HDAudBus - ok
21:31:41.0875 3376	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:31:41.0889 3376	HidBatt - ok
21:31:41.0897 3376	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:31:41.0915 3376	HidBth - ok
21:31:41.0923 3376	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:31:41.0940 3376	HidIr - ok
21:31:41.0947 3376	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:31:41.0991 3376	hidserv - ok
21:31:41.0999 3376	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:42.0012 3376	HidUsb - ok
21:31:42.0021 3376	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:31:42.0065 3376	hkmsvc - ok
21:31:42.0074 3376	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:31:42.0091 3376	HomeGroupListener - ok
21:31:42.0100 3376	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:31:42.0115 3376	HomeGroupProvider - ok
21:31:42.0123 3376	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:31:42.0134 3376	HpSAMD - ok
21:31:42.0149 3376	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:31:42.0203 3376	HTTP - ok
21:31:42.0211 3376	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:31:42.0220 3376	hwpolicy - ok
21:31:42.0229 3376	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:42.0243 3376	i8042prt - ok
21:31:42.0255 3376	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
21:31:42.0270 3376	iaStor - ok
21:31:42.0274 3376	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:31:42.0281 3376	IAStorDataMgrSvc - ok
21:31:42.0293 3376	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:31:42.0312 3376	iaStorV - ok
21:31:42.0319 3376	ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
21:31:42.0326 3376	ICCWDT - ok
21:31:42.0340 3376	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:31:42.0365 3376	idsvc - ok
21:31:42.0373 3376	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:31:42.0384 3376	iirsp - ok
21:31:42.0400 3376	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:31:42.0455 3376	IKEEXT - ok
21:31:42.0490 3376	IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
21:31:42.0545 3376	IntcAzAudAddService - ok
21:31:42.0553 3376	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:31:42.0563 3376	intelide - ok
21:31:42.0571 3376	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:42.0584 3376	intelppm - ok
21:31:42.0593 3376	Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
21:31:42.0602 3376	Intel® PROSet Monitoring Service - ok
21:31:42.0610 3376	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:31:42.0655 3376	IPBusEnum - ok
21:31:42.0664 3376	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:42.0706 3376	IpFilterDriver - ok
21:31:42.0720 3376	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:31:42.0770 3376	iphlpsvc - ok
21:31:42.0778 3376	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:31:42.0793 3376	IPMIDRV - ok
21:31:42.0802 3376	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:31:42.0846 3376	IPNAT - ok
21:31:42.0854 3376	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:31:42.0873 3376	IRENUM - ok
21:31:42.0881 3376	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:31:42.0892 3376	isapnp - ok
21:31:42.0902 3376	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:31:42.0917 3376	iScsiPrt - ok
21:31:42.0927 3376	JRAID           (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
21:31:42.0936 3376	JRAID - ok
21:31:42.0944 3376	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:42.0955 3376	kbdclass - ok
21:31:42.0962 3376	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:42.0976 3376	kbdhid - ok
21:31:42.0983 3376	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:42.0996 3376	KeyIso - ok
21:31:43.0004 3376	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:31:43.0016 3376	KSecDD - ok
21:31:43.0025 3376	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:31:43.0038 3376	KSecPkg - ok
21:31:43.0046 3376	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:31:43.0089 3376	ksthunk - ok
21:31:43.0100 3376	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:31:43.0149 3376	KtmRm - ok
21:31:43.0159 3376	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:31:43.0204 3376	LanmanServer - ok
21:31:43.0212 3376	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:31:43.0256 3376	LanmanWorkstation - ok
21:31:43.0266 3376	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
21:31:43.0273 3376	LGBusEnum - ok
21:31:43.0281 3376	LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
21:31:43.0291 3376	LGSHidFilt - ok
21:31:43.0299 3376	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
21:31:43.0306 3376	LGVirHid - ok
21:31:43.0314 3376	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:43.0357 3376	lltdio - ok
21:31:43.0367 3376	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:31:43.0415 3376	lltdsvc - ok
21:31:43.0422 3376	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:31:43.0465 3376	lmhosts - ok
21:31:43.0476 3376	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:31:43.0489 3376	LSI_FC - ok
21:31:43.0498 3376	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:31:43.0510 3376	LSI_SAS - ok
21:31:43.0518 3376	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:31:43.0529 3376	LSI_SAS2 - ok
21:31:43.0538 3376	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:43.0551 3376	LSI_SCSI - ok
21:31:43.0559 3376	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:31:43.0604 3376	luafv - ok
21:31:43.0613 3376	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:31:43.0621 3376	MBAMProtector - ok
21:31:43.0632 3376	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:31:43.0652 3376	MBAMService - ok
21:31:43.0660 3376	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:31:43.0677 3376	Mcx2Svc - ok
21:31:43.0684 3376	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:31:43.0695 3376	megasas - ok
21:31:43.0706 3376	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:31:43.0722 3376	MegaSR - ok
21:31:43.0730 3376	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:31:43.0738 3376	MEIx64 - ok
21:31:43.0745 3376	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:43.0789 3376	MMCSS - ok
21:31:43.0797 3376	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:31:43.0840 3376	Modem - ok
21:31:43.0849 3376	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:31:43.0865 3376	monitor - ok
21:31:43.0874 3376	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:43.0885 3376	mouclass - ok
21:31:43.0893 3376	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:43.0907 3376	mouhid - ok
21:31:43.0915 3376	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:31:43.0927 3376	mountmgr - ok
21:31:43.0936 3376	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:31:43.0949 3376	mpio - ok
21:31:43.0958 3376	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:31:44.0001 3376	mpsdrv - ok
21:31:44.0018 3376	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:31:44.0073 3376	MpsSvc - ok
21:31:44.0083 3376	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:31:44.0104 3376	MRxDAV - ok
21:31:44.0114 3376	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:44.0130 3376	mrxsmb - ok
21:31:44.0141 3376	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:44.0158 3376	mrxsmb10 - ok
21:31:44.0167 3376	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:44.0181 3376	mrxsmb20 - ok
21:31:44.0189 3376	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:31:44.0199 3376	msahci - ok
21:31:44.0207 3376	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:31:44.0220 3376	msdsm - ok
21:31:44.0228 3376	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:31:44.0245 3376	MSDTC - ok
21:31:44.0254 3376	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:31:44.0297 3376	Msfs - ok
21:31:44.0304 3376	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:31:44.0347 3376	mshidkmdf - ok
21:31:44.0355 3376	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:31:44.0365 3376	msisadrv - ok
21:31:44.0374 3376	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:31:44.0424 3376	MSiSCSI - ok
21:31:44.0431 3376	msiserver - ok
21:31:44.0440 3376	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:44.0483 3376	MSKSSRV - ok
21:31:44.0491 3376	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:44.0534 3376	MSPCLOCK - ok
21:31:44.0542 3376	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:31:44.0585 3376	MSPQM - ok
21:31:44.0596 3376	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:31:44.0614 3376	MsRPC - ok
21:31:44.0624 3376	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:31:44.0634 3376	mssmbios - ok
21:31:44.0641 3376	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:31:44.0684 3376	MSTEE - ok
21:31:44.0691 3376	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:31:44.0704 3376	MTConfig - ok
21:31:44.0712 3376	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:31:44.0723 3376	Mup - ok
21:31:44.0734 3376	mv91xx          (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
21:31:44.0748 3376	mv91xx - ok
21:31:44.0761 3376	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:31:44.0810 3376	napagent - ok
21:31:44.0822 3376	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:44.0847 3376	NativeWifiP - ok
21:31:44.0866 3376	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:31:44.0896 3376	NDIS - ok
21:31:44.0905 3376	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:44.0948 3376	NdisCap - ok
21:31:44.0956 3376	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:44.0998 3376	NdisTapi - ok
21:31:45.0006 3376	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:45.0048 3376	Ndisuio - ok
21:31:45.0058 3376	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:45.0102 3376	NdisWan - ok
21:31:45.0110 3376	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:31:45.0152 3376	NDProxy - ok
21:31:45.0160 3376	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:31:45.0203 3376	NetBIOS - ok
21:31:45.0213 3376	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:31:45.0258 3376	NetBT - ok
21:31:45.0265 3376	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:45.0278 3376	Netlogon - ok
21:31:45.0289 3376	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:31:45.0337 3376	Netman - ok
21:31:45.0350 3376	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:31:45.0405 3376	netprofm - ok
21:31:45.0411 3376	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:45.0421 3376	NetTcpPortSharing - ok
21:31:45.0429 3376	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:31:45.0440 3376	nfrd960 - ok
21:31:45.0450 3376	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:31:45.0496 3376	NlaSvc - ok
21:31:45.0508 3376	nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
21:31:45.0537 3376	nmwcd - ok
21:31:45.0546 3376	nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
21:31:45.0573 3376	nmwcdc - ok
21:31:45.0581 3376	nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
21:31:45.0609 3376	nmwcdnsucx64 - ok
21:31:45.0619 3376	nmwcdnsux64     (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
21:31:45.0649 3376	nmwcdnsux64 - ok
21:31:45.0657 3376	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:31:45.0700 3376	Npfs - ok
21:31:45.0708 3376	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:31:45.0751 3376	nsi - ok
21:31:45.0759 3376	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:31:45.0802 3376	nsiproxy - ok
21:31:45.0832 3376	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:31:45.0880 3376	Ntfs - ok
21:31:45.0888 3376	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:31:45.0931 3376	Null - ok
21:31:45.0940 3376	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:31:45.0952 3376	nusb3hub - ok
21:31:45.0962 3376	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:31:45.0974 3376	nusb3xhc - ok
21:31:45.0985 3376	NVHDA           (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
21:31:45.0996 3376	NVHDA - ok
21:31:46.0146 3376	nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:46.0412 3376	nvlddmkm - ok
21:31:46.0424 3376	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:31:46.0437 3376	nvraid - ok
21:31:46.0447 3376	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:31:46.0460 3376	nvstor - ok
21:31:46.0477 3376	nvsvc           (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
21:31:46.0503 3376	nvsvc - ok
21:31:46.0531 3376	nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:31:46.0588 3376	nvUpdatusService - ok
21:31:46.0598 3376	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:31:46.0610 3376	nv_agp - ok
21:31:46.0618 3376	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:31:46.0632 3376	ohci1394 - ok
21:31:46.0637 3376	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:46.0646 3376	ose - ok
21:31:46.0657 3376	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:46.0679 3376	p2pimsvc - ok
21:31:46.0691 3376	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:31:46.0711 3376	p2psvc - ok
21:31:46.0720 3376	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:31:46.0734 3376	Parport - ok
21:31:46.0743 3376	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:31:46.0753 3376	partmgr - ok
21:31:46.0762 3376	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:31:46.0784 3376	PcaSvc - ok
21:31:46.0794 3376	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:31:46.0806 3376	pccsmcfd - ok
21:31:46.0816 3376	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:31:46.0830 3376	pci - ok
21:31:46.0838 3376	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:31:46.0848 3376	pciide - ok
21:31:46.0858 3376	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:31:46.0872 3376	pcmcia - ok
21:31:46.0880 3376	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:31:46.0890 3376	pcw - ok
21:31:46.0904 3376	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:31:46.0957 3376	PEAUTH - ok
21:31:46.0967 3376	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:31:46.0981 3376	PerfHost - ok
21:31:47.0009 3376	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:31:47.0075 3376	pla - ok
21:31:47.0088 3376	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:31:47.0110 3376	PlugPlay - ok
21:31:47.0118 3376	PnkBstrA - ok
21:31:47.0126 3376	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:31:47.0140 3376	PNRPAutoReg - ok
21:31:47.0150 3376	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:47.0167 3376	PNRPsvc - ok
21:31:47.0180 3376	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:31:47.0229 3376	PolicyAgent - ok
21:31:47.0240 3376	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:31:47.0286 3376	Power - ok
21:31:47.0295 3376	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:31:47.0338 3376	PptpMiniport - ok
21:31:47.0347 3376	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:31:47.0361 3376	Processor - ok
21:31:47.0371 3376	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:31:47.0416 3376	ProfSvc - ok
21:31:47.0423 3376	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:47.0436 3376	ProtectedStorage - ok
21:31:47.0446 3376	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:31:47.0488 3376	Psched - ok
21:31:47.0514 3376	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:31:47.0559 3376	ql2300 - ok
21:31:47.0569 3376	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:31:47.0582 3376	ql40xx - ok
21:31:47.0592 3376	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:31:47.0616 3376	QWAVE - ok
21:31:47.0624 3376	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:31:47.0644 3376	QWAVEdrv - ok
21:31:47.0651 3376	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:31:47.0694 3376	RasAcd - ok
21:31:47.0702 3376	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:47.0745 3376	RasAgileVpn - ok
21:31:47.0754 3376	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:31:47.0799 3376	RasAuto - ok
21:31:47.0808 3376	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:47.0852 3376	Rasl2tp - ok
21:31:47.0862 3376	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:31:47.0910 3376	RasMan - ok
21:31:47.0919 3376	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:47.0963 3376	RasPppoe - ok
21:31:47.0971 3376	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:31:48.0015 3376	RasSstp - ok
21:31:48.0026 3376	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:31:48.0072 3376	rdbss - ok
21:31:48.0079 3376	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:31:48.0096 3376	rdpbus - ok
21:31:48.0104 3376	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:48.0145 3376	RDPCDD - ok
21:31:48.0155 3376	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:31:48.0198 3376	RDPENCDD - ok
21:31:48.0208 3376	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:31:48.0249 3376	RDPREFMP - ok
21:31:48.0259 3376	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:31:48.0275 3376	RDPWD - ok
21:31:48.0286 3376	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:31:48.0300 3376	rdyboost - ok
21:31:48.0309 3376	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:31:48.0353 3376	RemoteAccess - ok
21:31:48.0362 3376	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:31:48.0409 3376	RemoteRegistry - ok
21:31:48.0418 3376	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:31:48.0437 3376	RFCOMM - ok
21:31:48.0445 3376	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:31:48.0490 3376	RpcEptMapper - ok
21:31:48.0498 3376	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:31:48.0512 3376	RpcLocator - ok
21:31:48.0525 3376	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:48.0574 3376	RpcSs - ok
21:31:48.0583 3376	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:31:48.0627 3376	rspndr - ok
21:31:48.0634 3376	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:48.0647 3376	SamSs - ok
21:31:48.0656 3376	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:31:48.0668 3376	sbp2port - ok
21:31:48.0677 3376	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:31:48.0723 3376	SCardSvr - ok
21:31:48.0732 3376	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:31:48.0773 3376	scfilter - ok
21:31:48.0792 3376	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:31:48.0853 3376	Schedule - ok
21:31:48.0862 3376	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:48.0903 3376	SCPolicySvc - ok
21:31:48.0912 3376	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:31:48.0929 3376	SDRSVC - ok
21:31:48.0937 3376	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:31:48.0980 3376	secdrv - ok
21:31:48.0987 3376	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:31:49.0029 3376	seclogon - ok
21:31:49.0037 3376	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:31:49.0081 3376	SENS - ok
21:31:49.0089 3376	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:31:49.0103 3376	SensrSvc - ok
21:31:49.0112 3376	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:31:49.0125 3376	Serenum - ok
21:31:49.0134 3376	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:31:49.0149 3376	Serial - ok
21:31:49.0158 3376	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:31:49.0172 3376	sermouse - ok
21:31:49.0183 3376	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
21:31:49.0207 3376	ServiceLayer - ok
21:31:49.0222 3376	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:31:49.0266 3376	SessionEnv - ok
21:31:49.0274 3376	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:31:49.0291 3376	sffdisk - ok
21:31:49.0298 3376	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:31:49.0315 3376	sffp_mmc - ok
21:31:49.0323 3376	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:31:49.0340 3376	sffp_sd - ok
21:31:49.0347 3376	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:31:49.0361 3376	sfloppy - ok
21:31:49.0373 3376	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:31:49.0422 3376	SharedAccess - ok
21:31:49.0434 3376	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:31:49.0483 3376	ShellHWDetection - ok
21:31:49.0492 3376	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:31:49.0502 3376	SiSRaid2 - ok
21:31:49.0511 3376	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:31:49.0523 3376	SiSRaid4 - ok
21:31:49.0531 3376	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:31:49.0575 3376	Smb - ok
21:31:49.0585 3376	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:31:49.0600 3376	SNMPTRAP - ok
21:31:49.0608 3376	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:31:49.0617 3376	spldr - ok
21:31:49.0631 3376	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:31:49.0680 3376	Spooler - ok
21:31:49.0728 3376	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:31:49.0828 3376	sppsvc - ok
21:31:49.0837 3376	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:31:49.0882 3376	sppuinotify - ok
21:31:49.0890 3376	Spyder3         (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\DRIVERS\Spyder3.sys
21:31:49.0902 3376	Spyder3 - ok
21:31:49.0915 3376	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:31:49.0936 3376	srv - ok
21:31:49.0949 3376	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:31:49.0968 3376	srv2 - ok
21:31:49.0978 3376	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:31:49.0993 3376	srvnet - ok
21:31:50.0003 3376	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:31:50.0048 3376	SSDPSRV - ok
21:31:50.0056 3376	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:31:50.0101 3376	SstpSvc - ok
21:31:50.0105 3376	Steam Client Service - ok
21:31:50.0114 3376	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:31:50.0124 3376	stexstor - ok
21:31:50.0138 3376	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:31:50.0168 3376	stisvc - ok
21:31:50.0176 3376	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:31:50.0185 3376	swenum - ok
21:31:50.0196 3376	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:31:50.0212 3376	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:31:50.0212 3376	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:31:50.0225 3376	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:31:50.0277 3376	swprv - ok
21:31:50.0305 3376	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:31:50.0356 3376	SysMain - ok
21:31:50.0365 3376	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:31:50.0387 3376	TabletInputService - ok
21:31:50.0398 3376	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:31:50.0444 3376	TapiSrv - ok
21:31:50.0453 3376	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:31:50.0496 3376	TBS - ok
21:31:50.0526 3376	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:31:50.0580 3376	Tcpip - ok
21:31:50.0611 3376	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:31:50.0656 3376	TCPIP6 - ok
21:31:50.0666 3376	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:31:50.0708 3376	tcpipreg - ok
21:31:50.0718 3376	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:31:50.0730 3376	TDPIPE - ok
21:31:50.0738 3376	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:31:50.0751 3376	TDTCP - ok
21:31:50.0760 3376	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:31:50.0803 3376	tdx - ok
21:31:50.0812 3376	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:31:50.0822 3376	TermDD - ok
21:31:50.0838 3376	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:31:50.0891 3376	TermService - ok
21:31:50.0899 3376	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:31:50.0920 3376	Themes - ok
21:31:50.0928 3376	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:50.0971 3376	THREADORDER - ok
21:31:50.0980 3376	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:31:51.0025 3376	TrkWks - ok
21:31:51.0032 3376	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:31:51.0076 3376	TrustedInstaller - ok
21:31:51.0087 3376	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:51.0129 3376	tssecsrv - ok
21:31:51.0138 3376	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:31:51.0151 3376	TsUsbFlt - ok
21:31:51.0159 3376	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:31:51.0172 3376	TsUsbGD - ok
21:31:51.0181 3376	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:31:51.0223 3376	tunnel - ok
21:31:51.0232 3376	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:31:51.0242 3376	uagp35 - ok
21:31:51.0254 3376	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:31:51.0300 3376	udfs - ok
21:31:51.0312 3376	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:31:51.0327 3376	UI0Detect - ok
21:31:51.0335 3376	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:31:51.0346 3376	uliagpkx - ok
21:31:51.0354 3376	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:31:51.0368 3376	umbus - ok
21:31:51.0376 3376	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:31:51.0389 3376	UmPass - ok
21:31:51.0400 3376	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:31:51.0448 3376	upnphost - ok
21:31:51.0457 3376	upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:31:51.0485 3376	upperdev - ok
21:31:51.0494 3376	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:51.0508 3376	usbccgp - ok
21:31:51.0517 3376	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:31:51.0535 3376	usbcir - ok
21:31:51.0543 3376	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:31:51.0556 3376	usbehci - ok
21:31:51.0568 3376	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:31:51.0587 3376	usbhub - ok
21:31:51.0595 3376	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:31:51.0608 3376	usbohci - ok
21:31:51.0616 3376	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:31:51.0633 3376	usbprint - ok
21:31:51.0641 3376	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:31:51.0659 3376	usbscan - ok
21:31:51.0667 3376	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
21:31:51.0681 3376	usbser - ok
21:31:51.0690 3376	UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:31:51.0716 3376	UsbserFilt - ok
21:31:51.0725 3376	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:51.0739 3376	USBSTOR - ok
21:31:51.0748 3376	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:31:51.0761 3376	usbuhci - ok
21:31:51.0769 3376	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:31:51.0813 3376	UxSms - ok
21:31:51.0821 3376	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:51.0834 3376	VaultSvc - ok
21:31:51.0842 3376	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:31:51.0852 3376	vdrvroot - ok
21:31:51.0866 3376	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:31:51.0917 3376	vds - ok
21:31:51.0925 3376	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:51.0942 3376	vga - ok
21:31:51.0950 3376	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:31:51.0993 3376	VgaSave - ok
21:31:52.0004 3376	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:31:52.0019 3376	vhdmp - ok
21:31:52.0027 3376	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:31:52.0037 3376	viaide - ok
21:31:52.0046 3376	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:31:52.0057 3376	volmgr - ok
21:31:52.0069 3376	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:31:52.0087 3376	volmgrx - ok
21:31:52.0098 3376	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:31:52.0114 3376	volsnap - ok
21:31:52.0124 3376	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:31:52.0137 3376	vsmraid - ok
21:31:52.0163 3376	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:31:52.0230 3376	VSS - ok
21:31:52.0239 3376	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:31:52.0256 3376	vwifibus - ok
21:31:52.0268 3376	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:31:52.0317 3376	W32Time - ok
21:31:52.0328 3376	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:31:52.0342 3376	WacomPen - ok
21:31:52.0351 3376	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:52.0393 3376	WANARP - ok
21:31:52.0397 3376	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:52.0439 3376	Wanarpv6 - ok
21:31:52.0464 3376	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:31:52.0503 3376	wbengine - ok
21:31:52.0514 3376	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:31:52.0538 3376	WbioSrvc - ok
21:31:52.0550 3376	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:31:52.0577 3376	wcncsvc - ok
21:31:52.0585 3376	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:31:52.0599 3376	WcsPlugInService - ok
21:31:52.0607 3376	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:31:52.0618 3376	Wd - ok
21:31:52.0633 3376	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:31:52.0658 3376	Wdf01000 - ok
21:31:52.0667 3376	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:52.0698 3376	WdiServiceHost - ok
21:31:52.0702 3376	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:52.0723 3376	WdiSystemHost - ok
21:31:52.0734 3376	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:31:52.0760 3376	WebClient - ok
21:31:52.0770 3376	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:31:52.0818 3376	Wecsvc - ok
21:31:52.0826 3376	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:31:52.0870 3376	wercplsupport - ok
21:31:52.0879 3376	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:31:52.0923 3376	WerSvc - ok
21:31:52.0931 3376	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:52.0973 3376	WfpLwf - ok
21:31:52.0981 3376	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:31:52.0991 3376	WIMMount - ok
21:31:52.0994 3376	WinDefend - ok
21:31:52.0999 3376	WinHttpAutoProxySvc - ok
21:31:53.0011 3376	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:31:53.0056 3376	Winmgmt - ok
21:31:53.0087 3376	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:31:53.0164 3376	WinRM - ok
21:31:53.0177 3376	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:31:53.0194 3376	WinUsb - ok
21:31:53.0211 3376	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:31:53.0247 3376	Wlansvc - ok
21:31:53.0256 3376	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:31:53.0269 3376	WmiAcpi - ok
21:31:53.0281 3376	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:31:53.0298 3376	wmiApSrv - ok
21:31:53.0301 3376	WMPNetworkSvc - ok
21:31:53.0310 3376	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:31:53.0324 3376	WPCSvc - ok
21:31:53.0333 3376	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:31:53.0350 3376	WPDBusEnum - ok
21:31:53.0358 3376	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:31:53.0400 3376	ws2ifsl - ok
21:31:53.0408 3376	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:31:53.0430 3376	wscsvc - ok
21:31:53.0436 3376	WSearch - ok
21:31:53.0473 3376	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:31:53.0556 3376	wuauserv - ok
21:31:53.0566 3376	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:31:53.0609 3376	WudfPf - ok
21:31:53.0619 3376	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:53.0662 3376	WUDFRd - ok
21:31:53.0671 3376	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:31:53.0714 3376	wudfsvc - ok
21:31:53.0724 3376	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:31:53.0748 3376	WwanSvc - ok
21:31:53.0756 3376	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:31:53.0787 3376	\Device\Harddisk0\DR0 - ok
21:31:53.0800 3376	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:31:53.0860 3376	\Device\Harddisk1\DR1 - ok
21:31:53.0862 3376	Boot (0x1200)   (7a4a73f933c76a907f73f54e5100c927) \Device\Harddisk0\DR0\Partition0
21:31:53.0863 3376	\Device\Harddisk0\DR0\Partition0 - ok
21:31:53.0866 3376	Boot (0x1200)   (9867455a6cc1449b58b13e4bd4d3c71f) \Device\Harddisk0\DR0\Partition1
21:31:53.0867 3376	\Device\Harddisk0\DR0\Partition1 - ok
21:31:53.0870 3376	Boot (0x1200)   (60a121c2727f99c00fa2447eeff7eef1) \Device\Harddisk1\DR1\Partition0
21:31:53.0871 3376	\Device\Harddisk1\DR1\Partition0 - ok
21:31:53.0871 3376	============================================================
21:31:53.0871 3376	Scan finished
21:31:53.0871 3376	============================================================
21:31:53.0880 3200	Detected object count: 1
21:31:53.0880 3200	Actual detected object count: 1
21:32:07.0697 3200	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0697 3200	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 27.03.2012, 21:05

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

covellite · 27.03.2012, 21:33

Ok. Auch das ist jetzt erledigt.

Code:

ATTFilter

ComboFix 12-03-27.03 - Mareike 27.03.2012  22:13:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.7097 [GMT 2:00]
ausgeführt von:: c:\users\Mareike\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 20:19 . 2012-03-27 20:19	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19	--------	d-----w-	c:\users\Mareike\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-27 20:19 . 2012-03-27 20:19	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-03-27 16:56 . 2012-03-27 16:56	--------	d-----w-	c:\users\Mareike\AppData\Local\VirtualStore
2012-03-27 16:20 . 2012-03-27 16:20	--------	d-----w-	C:\_OTL
2012-03-26 17:12 . 2012-03-26 17:12	--------	d-----w-	c:\program files (x86)\ESET
2012-03-26 05:33 . 2012-03-26 05:33	--------	d-----w-	c:\users\Mareike\AppData\Roaming\Malwarebytes
2012-03-26 05:32 . 2012-03-26 05:32	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-26 05:32 . 2012-03-26 05:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 05:32 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-19 08:38 . 2012-03-19 08:38	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 08:38 . 2012-03-19 08:38	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 05:53 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 05:53 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 05:50 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{52B71A7E-0919-449C-8D50-5A0AA6607511}\mpengine.dll
2012-03-14 05:50 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 05:50 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 05:50 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 05:50 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 05:50 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 05:50 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 05:50 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 05:50 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 05:50 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:50 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-11 19:23 . 1998-10-29 15:45	306688	----a-w-	c:\windows\IsUninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 18:19	962368	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-22 18:19	812352	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-22 18:19	8008000	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 18:19	7713088	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 18:19	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 18:19	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 18:19	5892928	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 18:19	364352	----a-w-	c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-22 18:19	301376	----a-w-	c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-22 18:19	2872640	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 18:19	2672448	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 18:19	260416	----a-w-	c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-22 18:19	25222976	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 18:19	2517312	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 18:19	2437440	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 18:19	2301248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2012-02-22 18:19	215360	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-22 18:19	19443520	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 18:19	17642816	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-22 18:19	17543488	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 18:19	1737536	----a-w-	c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-22 18:19	1466176	----a-w-	c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-02-22 18:19	13624128	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-05-21 04:01	25541952	----a-w-	c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2011-05-21 04:01	15009600	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2010-07-31 14:46	9717568	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2010-07-31 14:46	2660160	----a-w-	c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2010-07-31 06:52	6074176	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2010-07-31 06:52	3089728	----a-w-	c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2010-07-31 06:52	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2010-07-31 06:52	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2010-07-31 06:52	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-10 03:07 . 2010-07-31 06:52	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-10 03:05 . 2012-02-22 18:20	2497985	----a-w-	c:\windows\system32\nvcoproc.bin
2012-01-17 12:46 . 2012-02-22 18:19	31040	----a-w-	c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-22 18:19	188224	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-22 18:19	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2012-01-04 10:44 . 2012-02-21 17:06	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-21 17:06	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-21 17:06	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-21 17:06	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-05-15 05:35 . 2011-05-15 05:35	12535496	----a-w-	c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	94208	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-06-23 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-06-21 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-06-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26980425
*Deregistered* - 26980425
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02	97792	----a-w-	c:\users\Mareike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\gl03g850.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Baldur's Gate - t:\programme\black isle\baldur's gate\Uninst.isu
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{B442D7D6-5153-4DBC-954D-BFFAACACDFDC}_is1 - t:\programme\SteamTool\unins000.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-27  22:30:59
ComboFix-quarantined-files.txt  2012-03-27 20:30
.
Vor Suchlauf: 10 Verzeichnis(se), 31.928.819.712 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 31.877.885.952 Bytes frei
.
- - End Of File - - 4156F7F7A7621490512B319FF78A65CA

cosinus · 28.03.2012, 10:06

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

covellite · 28.03.2012, 17:29

Ok. Fertig.

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 18:19:37
-----------------------------
18:19:37.385    OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:37.385    Number of processors: 4 586 0x2A07
18:19:37.385    ComputerName: ADMIN-PC  UserName: Mareike
18:19:37.539    Initialize success
18:20:35.016    AVAST engine defs: 12032801
18:20:45.801    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:20:45.803    Disk 0 Vendor: C300-CTF 0006 Size: 122104MB BusType: 3
18:20:45.806    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:20:45.808    Disk 1 Vendor: SAMSUNG_ 1AG0 Size: 953869MB BusType: 3
18:20:45.812    Disk 0 MBR read successfully
18:20:45.815    Disk 0 MBR scan
18:20:45.819    Disk 0 Windows 7 default MBR code
18:20:45.822    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:20:45.827    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
18:20:45.835    Disk 0 scanning C:\Windows\system32\drivers
18:20:49.121    Service scanning
18:20:56.720    Modules scanning
18:20:56.729    Disk 0 trace - called modules:
18:20:57.536    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:20:57.541    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c97060]
18:20:57.546    3 CLASSPNP.SYS[fffff88001da343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006d1c050]
18:20:57.698    AVAST engine scan C:\Windows
18:20:58.432    AVAST engine scan C:\Windows\system32
18:21:59.876    AVAST engine scan C:\Windows\system32\drivers
18:22:03.600    AVAST engine scan C:\Users\Mareike
18:22:11.073    AVAST engine scan C:\ProgramData
18:22:17.099    Scan finished successfully
18:24:43.732    Disk 0 MBR has been saved successfully to "C:\Users\Mareike\Desktop\MBR.dat"
18:24:43.737    The log file has been saved successfully to "C:\Users\Mareike\Desktop\aswMBR.txt"

Bundepolizei Trojaner - ...\Temporary Internet Files\Content.IE5\TFYDY7IU\91_217_200_105[1].htm

Log-Analyse und Auswertung: Bundepolizei Trojaner - ...\Temporary Internet Files\Content.IE5\TFYDY7IU\91_217_200_105[1].htm