Windows wurde blockiert - 50€

Weezy13 · 30.03.2012, 14:30

Hallo zusammen,

auch ich hatte gestern diesen Windows blockiert Virus ding.
Nur als ich meinen Rechner neu gestartet hab, lief alles normal.
Hab dann Malwarebytes Anti Malware durchlaufen lassen.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

28.03.2012 22:26:44
mbam-log-2012-03-28 (22-26-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221961
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Bad Weezy\AppData\Local\Temp\cgs8h0.exe (Exploit.Drop) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

War dann alles so weit normal, nur heute hat Avira nach dem Update nochmal angeschlagen.

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 30. März 2012  14:42

Es wird nach 3562906 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   :

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  18.02.2012 14:28:04
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  18.02.2012 14:28:02
LUKE.DLL       : 12.1.0.19      68304 Bytes  18.02.2012 14:28:04
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  18.02.2012 14:28:07
AVREG.DLL      : 12.1.0.29     228048 Bytes  18.02.2012 14:28:07
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 15:47:57
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 00:41:52
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 20:09:46
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 20:09:46
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 20:09:46
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 20:09:47
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 20:09:47
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 20:09:47
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 20:09:47
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 20:09:48
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 20:09:48
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 20:09:48
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 12:39:50
VBASE015.VDF   : 7.11.26.108     2048 Bytes  30.03.2012 12:39:51
VBASE016.VDF   : 7.11.26.109     2048 Bytes  30.03.2012 12:39:51
VBASE017.VDF   : 7.11.26.110     2048 Bytes  30.03.2012 12:39:51
VBASE018.VDF   : 7.11.26.111     2048 Bytes  30.03.2012 12:39:51
VBASE019.VDF   : 7.11.26.112     2048 Bytes  30.03.2012 12:39:52
VBASE020.VDF   : 7.11.26.113     2048 Bytes  30.03.2012 12:39:53
VBASE021.VDF   : 7.11.26.114     2048 Bytes  30.03.2012 12:39:53
VBASE022.VDF   : 7.11.26.115     2048 Bytes  30.03.2012 12:39:53
VBASE023.VDF   : 7.11.26.116     2048 Bytes  30.03.2012 12:39:53
VBASE024.VDF   : 7.11.26.117     2048 Bytes  30.03.2012 12:39:53
VBASE025.VDF   : 7.11.26.118     2048 Bytes  30.03.2012 12:39:53
VBASE026.VDF   : 7.11.26.119     2048 Bytes  30.03.2012 12:39:53
VBASE027.VDF   : 7.11.26.120     2048 Bytes  30.03.2012 12:39:53
VBASE028.VDF   : 7.11.26.121     2048 Bytes  30.03.2012 12:39:53
VBASE029.VDF   : 7.11.26.122     2048 Bytes  30.03.2012 12:39:53
VBASE030.VDF   : 7.11.26.123     2048 Bytes  30.03.2012 12:39:53
VBASE031.VDF   : 7.11.26.130    55296 Bytes  30.03.2012 12:39:55
Engineversion  : 8.2.10.28 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  27.10.2011 13:17:08
AESCRIPT.DLL   : 8.1.4.13      442746 Bytes  26.03.2012 22:24:23
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 19:50:36
AESBX.DLL      : 8.2.5.5       606579 Bytes  17.03.2012 10:19:57
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.7      803190 Bytes  26.03.2012 22:24:22
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  31.12.2011 16:32:07
AEHEUR.DLL     : 8.1.4.8      4514165 Bytes  26.03.2012 22:24:21
AEHELP.DLL     : 8.1.19.0      254327 Bytes  21.01.2012 16:02:56
AEGEN.DLL      : 8.1.5.23      409973 Bytes  10.03.2012 03:51:01
AEEXP.DLL      : 8.1.0.25       74101 Bytes  17.03.2012 10:19:58
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  17.03.2012 10:18:31
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  18.02.2012 14:28:01
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f75a95f\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 30. März 2012  14:42

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RazerNagaSysTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winamp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'psr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Bad Weezy\AppData\Local\Temp\Main.class'
C:\Users\Bad Weezy\AppData\Local\Temp\Main.class
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DI.2

Beginne mit der Desinfektion:
C:\Users\Bad Weezy\AppData\Local\Temp\Main.class
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DI.2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a1006c3.qua' verschoben!


Ende des Suchlaufs: Freitag, 30. März 2012  14:42
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     22 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     21 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

OTL.txt

Code:

ATTFilter

OTL logfile created on: 30.03.2012 16:12:35 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Bad Weezy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,81% Memory free
15,94 Gb Paging File | 14,67 Gb Available in Paging File | 91,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 62,59 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive D: | 732,42 Gb Total Space | 569,84 Gb Free Space | 77,80% Space Free | Partition Type: NTFS
Drive F: | 199,09 Gb Total Space | 97,88 Gb Free Space | 49,17% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bad Weezy\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Boonty Games) -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 00 DF 0E 24 0D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 220.69.189.39:2301
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bad Weezy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.28 22:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 14:19:57 | 000,000,000 | ---D | M]
 
[2011.06.20 14:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Extensions
[2012.03.29 23:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions
[2011.07.01 19:11:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 23:44:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.30 04:14:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\battlefieldheroespatcher@ea.com
[2011.11.22 23:55:24 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\welcome@toolmin.com
[2012.03.29 01:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 01:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BAD WEEZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SV1WK8C.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\BAD WEEZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SV1WK8C.DEFAULT\EXTENSIONS\SUPPORT@MATESO.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.29 01:51:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.22 23:55:24 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Bad Weezy\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Programme (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Password Safe Standard] C:\Program Files (x86)\Password Safe and Repository 6\psr.exe (MATESO GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4D0AAD8-EB8E-477D-AC3F-231E3DD76747}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell - "" = AutoRun
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 15:10:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bad Weezy\Desktop\OTL.exe
[2012.03.29 01:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.29 01:51:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.29 01:51:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.29 01:51:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.29 01:49:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.28 22:25:44 | 000,000,000 | ---D | C] -- C:\Users\Bad Weezy\AppData\Roaming\Malwarebytes
[2012.03.28 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.28 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.28 22:25:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.28 22:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.18 04:00:55 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.18 04:00:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.18 04:00:55 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.17 12:13:04 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.17 12:10:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.17 12:10:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.17 12:10:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.17 12:10:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.17 12:10:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 16:03:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 16:03:49 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 16:02:00 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 16:02:00 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 16:02:00 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 16:02:00 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 16:02:00 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 15:56:43 | 000,000,838 | ---- | M] () -- C:\Users\Bad Weezy\Documents\psr6.lic
[2012.03.30 15:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 15:56:38 | 2124,926,975 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 15:36:28 | 000,714,752 | ---- | M] () -- C:\Users\Bad Weezy\Documents\MeganFox.ps6
[2012.03.30 15:10:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bad Weezy\Desktop\OTL.exe
[2012.03.29 01:51:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.29 01:51:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.29 01:51:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.29 01:51:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.28 22:25:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 18:33:54 | 000,000,068 | ---- | M] () -- C:\Users\Bad Weezy\Desktop\Jam FM.m3u
[2012.03.18 04:16:39 | 000,274,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.03 05:37:58 | 000,000,045 | ---- | M] () -- C:\Users\Bad Weezy\AppData\Roaming\TheHunterSettings_live.cfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 22:54:12 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.28 22:25:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 18:33:53 | 000,000,068 | ---- | C] () -- C:\Users\Bad Weezy\Desktop\Jam FM.m3u
[2012.02.26 17:22:27 | 000,000,045 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\TheHunterSettings_live.cfg
[2011.12.17 13:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.15 18:02:47 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011.09.02 20:18:48 | 000,007,592 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\Resmon.ResmonCfg
[2011.09.02 01:39:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.10 10:53:44 | 000,000,212 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\Lucid_player_profiles_data.dat
[2011.08.10 10:53:44 | 000,000,008 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\Lucid_player_highscore.dat
[2011.06.26 00:29:31 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.26 00:29:31 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.26 00:29:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.06.26 00:29:30 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.22 17:10:19 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.22 17:10:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.22 17:10:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.24 13:03:24 | 000,276,232 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\ConduitInstaller.exe
[2011.03.27 21:43:08 | 000,096,768 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\Bloson.exe
[2011.03.21 13:36:30 | 000,026,456 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\bloson.bmp
[2010.11.13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\toolbar3.bmp
[2010.11.12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral3.bmp
[2010.11.12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral1.bmp
[2010.11.12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral2.bmp
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.10.20 10:49:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.29 22:28:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.20 13:08:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.28 02:05:14 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.06.20 13:15:01 | 000,000,000 | ---D | M] -- C:\Intel
[2011.12.27 17:53:01 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.28 22:44:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.28 22:55:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.28 22:25:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.20 13:08:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.15 19:27:22 | 000,000,000 | ---D | M] -- C:\Programme (x86)
[2011.06.20 13:08:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.06.20 13:34:55 | 000,000,000 | ---D | M] -- C:\Samsung
[2012.03.30 16:08:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.23 01:41:28 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.27 17:53:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.30 15:08:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2011.03.27 21:43:08 | 000,096,768 | ---- | M] () -- C:\Users\Bad Weezy\AppData\Local\Bloson.exe
[2011.05.24 13:03:24 | 000,276,232 | ---- | M] () -- C:\Users\Bad Weezy\AppData\Local\ConduitInstaller.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.01.27 22:38:33 | 000,001,553 | ---- | M] () -- C:\Users\Bad Weezy\.recently-used.xbel
[2012.03.30 16:14:39 | 002,359,296 | -HS- | M] () -- C:\Users\Bad Weezy\NTUSER.DAT
[2012.03.30 16:14:39 | 000,262,144 | -HS- | M] () -- C:\Users\Bad Weezy\ntuser.dat.LOG1
[2011.06.20 13:08:43 | 000,000,000 | -HS- | M] () -- C:\Users\Bad Weezy\ntuser.dat.LOG2
[2011.06.20 13:17:21 | 000,065,536 | -HS- | M] () -- C:\Users\Bad Weezy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.06.20 13:17:21 | 000,524,288 | -HS- | M] () -- C:\Users\Bad Weezy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.06.20 13:17:21 | 000,524,288 | -HS- | M] () -- C:\Users\Bad Weezy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.06.20 13:08:43 | 000,000,020 | -HS- | M] () -- C:\Users\Bad Weezy\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 30.03.2012 16:12:35 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Bad Weezy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 83,81% Memory free
15,94 Gb Paging File | 14,67 Gb Available in Paging File | 91,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 62,59 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive D: | 732,42 Gb Total Space | 569,84 Gb Free Space | 77,80% Space Free | Partition Type: NTFS
Drive F: | 199,09 Gb Total Space | 97,88 Gb Free Space | 49,17% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10668AA3-490D-46C1-B606-A621451998EF}" = Password Safe and Repository 6
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 290.53
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 290.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D312F154-8455-45C1-A44E-1AED321E6E95}" = NVIDIA 3D Vision Video Player
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Awakening of the Rebellion 2.50" = Awakening of the Rebellion 2.50
"Battlelog Web Plugins" = Battlelog Web Plugins
"EA Installer.-1998263972" = EA Installer
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mp3tag" = Mp3tag v2.49
"MSI_APS_is1" = MSI_APS
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 24240" = PAYDAY: The Heist
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 400" = Portal
"Steam App 44320" = DiRT 3
"Steam App 44360" = F1 2011
"Steam App 48000" = LIMBO
"Steam App 48240" = Anno 2070
"Steam App 61100" = Lucid
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"theHunter" = theHunter (remove only)
"toolplugin" = toolplugin
"Trek Wars - Federation at War" = Trek Wars - Federation at War 0.9 
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2012 15:43:53 | Computer Name = BadWeezy-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe" in Zeile 1.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 28.03.2012 16:05:53 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 16:31:02 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 16:57:38 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 18:30:38 | Computer Name = BadWeezy-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe" in Zeile 1.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 29.03.2012 16:30:07 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 18:34:16 | Computer Name = BadWeezy-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "d:\Steam\steamapps\common\f1
 2011\CustomActionOnFinishInst.exe" in Zeile 1.  Mehrere requestedPrivileges-Elemente
 sind nicht im Manifest zulässig.
 
Error - 30.03.2012 08:40:48 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 09:36:30 | Computer Name = BadWeezy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: psr.exe, Version: 6.2.1.2106, Zeitstempel:
 0x4eb3f1af  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x95c  Startzeit der fehlerhaften Anwendung: 0x01cd0e72124191f1  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Password Safe and Repository 6\psr.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 5ada3582-7a6d-11e1-a653-001c4afb04f6
 
Error - 30.03.2012 09:58:35 | Computer Name = BadWeezy-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.11.2011 14:47:58 | Computer Name = BadWeezy-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{B76A259F-5B6E-4D58-89C5-BA49B35DC713} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 11.11.2011 03:05:57 | Computer Name = BadWeezy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?11.?2011 um 08:03:10 unerwartet heruntergefahren.
 
Error - 12.11.2011 00:57:37 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 12.11.2011 00:57:37 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 16.11.2011 10:45:38 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 16.11.2011 10:45:38 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 06.12.2011 13:21:56 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "CyberLink PowerDVD 11.0 Service" ist als interaktiver 
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.12.2011 13:21:56 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "CyberLink PowerDVD 11.0 Monitor Service" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 10.12.2011 01:42:16 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 10.12.2011 01:42:16 | Computer Name = BadWeezy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >

Vielen Dank schon mal

cosinus · 30.03.2012, 18:17

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Weezy13 · 30.03.2012, 21:33

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bad Weezy :: BADWEEZY-PC [Administrator]

30.03.2012 21:13:50
mbam-log-2012-03-30 (21-13-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426885
Laufzeit: 23 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72bead1ecf2e054589bf32c85bc2bfe0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 08:24:12
# local_time=2012-03-30 10:24:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 14036339 14036339 0 0
# compatibility_mode=5893 16776573 100 94 16629 84766596 0 0
# compatibility_mode=8192 67108863 100 0 188 188 0 0
# scanned=214870
# found=2
# cleaned=0
# scan_time=2306
C:\Users\Bad Weezy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1ae64337-4b6b1d37	a variant of Java/Exploit.CVE-2012-0507.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Bad Weezy\AppData\Roaming\toolplugin\toolbar.dll	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I

cosinus · 30.03.2012, 22:58

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Weezy13 · 30.03.2012, 23:20

Ja, der normale modus läuft als wenn nix gewesen wäre und das Startmenü sieht so weit auch in Ordnung aus.

cosinus · 30.03.2012, 23:23

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Weezy13 · 30.03.2012, 23:39

Code:

ATTFilter

OTL logfile created on: 31.03.2012 00:30:57 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Bad Weezy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,82 Gb Available Physical Memory | 85,55% Memory free
15,94 Gb Paging File | 14,75 Gb Available in Paging File | 92,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 62,06 Gb Free Space | 57,99% Space Free | Partition Type: NTFS
Drive D: | 732,42 Gb Total Space | 569,84 Gb Free Space | 77,80% Space Free | Partition Type: NTFS
Drive F: | 199,09 Gb Total Space | 97,88 Gb Free Space | 49,17% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bad Weezy\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Boonty Games) -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 00 DF 0E 24 0D CD 01  [binary data]
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 220.69.189.39:2301
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bad Weezy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.28 22:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 14:19:57 | 000,000,000 | ---D | M]
 
[2011.06.20 14:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Extensions
[2012.03.29 23:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions
[2011.07.01 19:11:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 23:44:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.30 04:14:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\battlefieldheroespatcher@ea.com
[2011.11.22 23:55:24 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Bad Weezy\AppData\Roaming\mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\welcome@toolmin.com
[2012.03.29 01:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 01:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BAD WEEZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SV1WK8C.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\BAD WEEZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1SV1WK8C.DEFAULT\EXTENSIONS\SUPPORT@MATESO.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.29 01:51:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.22 23:55:24 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Bad Weezy\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Programme (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-192102404-974623874-4118770486-1000..\Run: [Password Safe Standard] C:\Program Files (x86)\Password Safe and Repository 6\psr.exe (MATESO GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-192102404-974623874-4118770486-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4D0AAD8-EB8E-477D-AC3F-231E3DD76747}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-192102404-974623874-4118770486-1000 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell - "" = AutoRun
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RemoteControl11 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SkypePM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5035D6FC-ADD0-F5B9-5266-0B77F8D772C6} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D8DC8811-660B-DCB7-7DFC-F832D85B16A9} - Themes Setup
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.30 21:17:26 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bad Weezy\Desktop\esetsmartinstaller_enu.exe
[2012.03.30 16:35:43 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\Bad Weezy\Desktop\ccsetup317.exe
[2012.03.30 15:10:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bad Weezy\Desktop\OTL.exe
[2012.03.29 01:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.29 01:49:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.28 22:25:44 | 000,000,000 | ---D | C] -- C:\Users\Bad Weezy\AppData\Roaming\Malwarebytes
[2012.03.28 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.28 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.28 22:25:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.28 22:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 22:42:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 22:42:25 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 22:41:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 22:41:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 22:41:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 22:41:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 22:41:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 22:35:16 | 000,000,838 | ---- | M] () -- C:\Users\Bad Weezy\Documents\psr6.lic
[2012.03.30 22:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 22:35:10 | 2124,926,975 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 21:17:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bad Weezy\Desktop\esetsmartinstaller_enu.exe
[2012.03.30 16:44:41 | 000,714,752 | ---- | M] () -- C:\Users\Bad Weezy\Documents\MeganFox.ps6
[2012.03.30 16:35:53 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\Bad Weezy\Desktop\ccsetup317.exe
[2012.03.30 15:10:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bad Weezy\Desktop\OTL.exe
[2012.03.28 22:25:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 18:33:54 | 000,000,068 | ---- | M] () -- C:\Users\Bad Weezy\Desktop\Jam FM.m3u
[2012.03.18 04:16:39 | 000,274,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.03 05:37:58 | 000,000,045 | ---- | M] () -- C:\Users\Bad Weezy\AppData\Roaming\TheHunterSettings_live.cfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 22:54:12 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.28 22:25:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 18:33:53 | 000,000,068 | ---- | C] () -- C:\Users\Bad Weezy\Desktop\Jam FM.m3u
[2012.02.26 17:22:27 | 000,000,045 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\TheHunterSettings_live.cfg
[2011.12.17 13:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.15 18:02:47 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011.09.02 20:18:48 | 000,007,592 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\Resmon.ResmonCfg
[2011.09.02 01:39:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.10 10:53:44 | 000,000,212 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\Lucid_player_profiles_data.dat
[2011.08.10 10:53:44 | 000,000,008 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Roaming\Lucid_player_highscore.dat
[2011.06.26 00:29:31 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.26 00:29:31 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.26 00:29:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.06.26 00:29:30 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.22 17:10:19 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.22 17:10:18 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.22 17:10:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.24 13:03:24 | 000,276,232 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\ConduitInstaller.exe
[2011.03.27 21:43:08 | 000,096,768 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\Bloson.exe
[2011.03.21 13:36:30 | 000,026,456 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\bloson.bmp
[2010.11.13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\toolbar3.bmp
[2010.11.12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral3.bmp
[2010.11.12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral1.bmp
[2010.11.12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Bad Weezy\AppData\Local\lateral2.bmp
 
========== LOP Check ==========
 
[2011.11.22 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\.minecraft
[2012.03.28 22:43:29 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Amazon
[2011.08.19 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Canneverbe Limited
[2011.09.09 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoft
[2011.07.01 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.03 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\gtk-2.0
[2011.11.19 08:02:19 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\MotioninJoy
[2011.11.10 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Mp3tag
[2012.03.28 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Orbit
[2011.10.21 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Origin
[2011.06.24 20:40:31 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\PasswordSafe
[2011.09.22 02:24:24 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Petroglyph
[2012.01.19 23:30:37 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\ProgSense
[2011.09.15 17:21:09 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Rainmeter
[2011.07.23 01:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Samsung
[2011.06.21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\The Creative Assembly
[2011.10.05 02:18:46 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\thriXXX
[2011.11.22 23:55:24 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\toolplugin
[2011.12.10 10:47:19 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Ubisoft
[2011.09.17 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Unity
[2012.01.17 12:17:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.22 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\.minecraft
[2011.08.04 11:04:05 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Adobe
[2012.03.28 22:43:29 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Amazon
[2011.10.20 10:47:30 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Avira
[2011.08.19 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Canneverbe Limited
[2011.12.06 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\CyberLink
[2011.09.09 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoft
[2011.07.01 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.03 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\gtk-2.0
[2011.06.20 13:08:47 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Identities
[2011.06.20 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\InstallShield
[2011.06.20 14:49:06 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Macromedia
[2012.03.28 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Media Center Programs
[2011.09.15 17:50:00 | 000,000,000 | --SD | M] -- C:\Users\Bad Weezy\AppData\Roaming\Microsoft
[2011.11.19 08:02:19 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\MotioninJoy
[2011.06.20 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Mozilla
[2011.11.10 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Mp3tag
[2011.12.07 18:32:19 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\NCH Software
[2011.12.10 09:14:08 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\NVIDIA
[2011.12.05 17:50:09 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\NVIDIA 3D Vision Video Player
[2012.03.28 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Orbit
[2011.10.21 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Origin
[2011.06.24 20:40:31 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\PasswordSafe
[2011.09.22 02:24:24 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Petroglyph
[2012.01.19 23:30:37 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\ProgSense
[2011.09.15 17:21:09 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Rainmeter
[2011.07.23 01:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Samsung
[2011.06.22 17:15:41 | 000,000,000 | RH-D | M] -- C:\Users\Bad Weezy\AppData\Roaming\SecuROM
[2011.06.21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\The Creative Assembly
[2011.10.05 02:18:46 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\thriXXX
[2011.11.22 23:55:24 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\toolplugin
[2011.12.10 10:47:19 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Ubisoft
[2011.09.17 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Unity
[2012.03.28 19:20:17 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\Winamp
[2011.07.01 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Bad Weezy\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.23 14:06:54 | 001,341,376 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Bad Weezy\AppData\Roaming\Mozilla\Firefox\Profiles\1sv1wk8c.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Bad Weezy\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 02.04.2012, 08:56

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-192102404-974623874-4118770486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 220.69.189.39:2301
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell - "" = AutoRun
O33 - MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\Shell\AutoRun\command - "" = F:\pushinst.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Weezy13 · 03.04.2012, 06:07

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-192102404-974623874-4118770486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Bad Weezy\AppData\Roaming\Mozilla\FireFox\Profiles\1sv1wk8c.default\user.js moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisplayLastLogonInfo deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1e7215e-9b30-11e0-9b6d-6c626d41acb5}\ not found.
File F:\pushinst.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bad Weezy
->Temp folder emptied: 207667162 bytes
->Temporary Internet Files folder emptied: 108847485 bytes
->Java cache emptied: 16382284 bytes
->FireFox cache emptied: 50146887 bytes
->Flash cache emptied: 487 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44812 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
User: UpdatusUser.BadWeezy-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44812 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150285736 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 16527444 bytes
 
Total Files Cleaned = 525,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bad Weezy
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: UpdatusUser.BadWeezy-PC
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_070144

Files\Folders moved on Reboot...
C:\Users\Bad Weezy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 03.04.2012, 15:48

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Weezy13 · 04.04.2012, 09:02

Code:

ATTFilter

10:00:22.0523 4356	TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
10:00:22.0835 4356	============================================================
10:00:22.0835 4356	Current date / time: 2012/04/04 10:00:22.0835
10:00:22.0835 4356	SystemInfo:
10:00:22.0835 4356	
10:00:22.0835 4356	OS Version: 6.1.7601 ServicePack: 1.0
10:00:22.0835 4356	Product type: Workstation
10:00:22.0835 4356	ComputerName: BADWEEZY-PC
10:00:22.0835 4356	UserName: Bad Weezy
10:00:22.0835 4356	Windows directory: C:\Windows
10:00:22.0835 4356	System windows directory: C:\Windows
10:00:22.0835 4356	Running under WOW64
10:00:22.0835 4356	Processor architecture: Intel x64
10:00:22.0835 4356	Number of processors: 8
10:00:22.0835 4356	Page size: 0x1000
10:00:22.0835 4356	Boot type: Normal boot
10:00:22.0835 4356	============================================================
10:00:23.0022 4356	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:00:23.0022 4356	Drive \Device\Harddisk1\DR1 - Size: 0x1AC882A000 (107.13 Gb), SectorSize: 0x200, Cylinders: 0x36A1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:00:23.0022 4356	\Device\Harddisk0\DR0:
10:00:23.0022 4356	MBR used
10:00:23.0022 4356	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5B8D8000
10:00:23.0022 4356	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5B8D8800, BlocksNum 0x18E2D000
10:00:23.0022 4356	\Device\Harddisk1\DR1:
10:00:23.0022 4356	MBR used
10:00:23.0022 4356	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:00:23.0022 4356	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD611000
10:00:23.0069 4356	Initialize success
10:00:23.0069 4356	============================================================
10:00:36.0828 4452	============================================================
10:00:36.0828 4452	Scan started
10:00:36.0828 4452	Mode: Manual; SigCheck; TDLFS; 
10:00:36.0828 4452	============================================================
10:00:36.0922 4452	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:00:36.0968 4452	1394ohci - ok
10:00:36.0968 4452	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:00:36.0984 4452	ACPI - ok
10:00:36.0984 4452	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:00:37.0015 4452	AcpiPmi - ok
10:00:37.0015 4452	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:00:37.0015 4452	AdobeARMservice - ok
10:00:37.0031 4452	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:00:37.0031 4452	AdobeFlashPlayerUpdateSvc - ok
10:00:37.0046 4452	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:00:37.0062 4452	adp94xx - ok
10:00:37.0078 4452	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:00:37.0093 4452	adpahci - ok
10:00:37.0093 4452	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:00:37.0109 4452	adpu320 - ok
10:00:37.0109 4452	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:00:37.0202 4452	AeLookupSvc - ok
10:00:37.0202 4452	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:00:37.0218 4452	AFD - ok
10:00:37.0234 4452	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:00:37.0234 4452	agp440 - ok
10:00:37.0249 4452	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:00:37.0265 4452	ALG - ok
10:00:37.0265 4452	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:00:37.0265 4452	aliide - ok
10:00:37.0280 4452	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:00:37.0280 4452	amdide - ok
10:00:37.0296 4452	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:00:37.0312 4452	AmdK8 - ok
10:00:37.0312 4452	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:00:37.0327 4452	AmdPPM - ok
10:00:37.0327 4452	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:00:37.0343 4452	amdsata - ok
10:00:37.0343 4452	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:00:37.0358 4452	amdsbs - ok
10:00:37.0374 4452	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:00:37.0374 4452	amdxata - ok
10:00:37.0390 4452	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
10:00:37.0405 4452	androidusb - ok
10:00:37.0405 4452	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:00:37.0405 4452	AntiVirSchedulerService - ok
10:00:37.0421 4452	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:00:37.0421 4452	AntiVirService - ok
10:00:37.0421 4452	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:00:37.0514 4452	AppID - ok
10:00:37.0514 4452	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:00:37.0546 4452	AppIDSvc - ok
10:00:37.0546 4452	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:00:37.0577 4452	Appinfo - ok
10:00:37.0577 4452	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:00:37.0592 4452	arc - ok
10:00:37.0592 4452	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:00:37.0608 4452	arcsas - ok
10:00:37.0608 4452	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:00:37.0639 4452	AsyncMac - ok
10:00:37.0639 4452	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:00:37.0639 4452	atapi - ok
10:00:37.0655 4452	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
10:00:37.0670 4452	atksgt - ok
10:00:37.0670 4452	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:00:37.0717 4452	AudioEndpointBuilder - ok
10:00:37.0717 4452	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:00:37.0748 4452	AudioSrv - ok
10:00:37.0748 4452	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
10:00:37.0764 4452	avgntflt - ok
10:00:37.0764 4452	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
10:00:37.0780 4452	avipbb - ok
10:00:37.0780 4452	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
10:00:37.0795 4452	avkmgr - ok
10:00:37.0795 4452	AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
10:00:37.0795 4452	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
10:00:37.0795 4452	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
10:00:37.0811 4452	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
10:00:37.0811 4452	avmeject - ok
10:00:37.0826 4452	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:00:37.0842 4452	AxInstSV - ok
10:00:37.0842 4452	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:00:37.0858 4452	b06bdrv - ok
10:00:37.0873 4452	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:00:37.0889 4452	b57nd60a - ok
10:00:37.0904 4452	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:00:37.0904 4452	BDESVC - ok
10:00:37.0920 4452	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:00:37.0936 4452	Beep - ok
10:00:37.0951 4452	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:00:37.0982 4452	BFE - ok
10:00:37.0998 4452	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:00:38.0029 4452	BITS - ok
10:00:38.0045 4452	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:00:38.0045 4452	blbdrive - ok
10:00:38.0045 4452	Boonty Games    (14dbddde51602769f65145d966e40bd1) C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
10:00:38.0060 4452	Boonty Games ( UnsignedFile.Multi.Generic ) - warning
10:00:38.0060 4452	Boonty Games - detected UnsignedFile.Multi.Generic (1)
10:00:38.0060 4452	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:00:38.0076 4452	bowser - ok
10:00:38.0092 4452	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:00:38.0092 4452	BrFiltLo - ok
10:00:38.0107 4452	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:00:38.0107 4452	BrFiltUp - ok
10:00:38.0123 4452	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:00:38.0138 4452	Browser - ok
10:00:38.0154 4452	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:00:38.0170 4452	Brserid - ok
10:00:38.0170 4452	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:00:38.0185 4452	BrSerWdm - ok
10:00:38.0201 4452	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:00:38.0201 4452	BrUsbMdm - ok
10:00:38.0216 4452	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:00:38.0216 4452	BrUsbSer - ok
10:00:38.0232 4452	BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
10:00:38.0248 4452	BTCFilterService - ok
10:00:38.0248 4452	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:00:38.0263 4452	BTHMODEM - ok
10:00:38.0263 4452	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:00:38.0294 4452	bthserv - ok
10:00:38.0294 4452	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:00:38.0326 4452	cdfs - ok
10:00:38.0326 4452	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:00:38.0341 4452	cdrom - ok
10:00:38.0357 4452	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:00:38.0372 4452	CertPropSvc - ok
10:00:38.0388 4452	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:00:38.0388 4452	circlass - ok
10:00:38.0404 4452	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:00:38.0419 4452	CLFS - ok
10:00:38.0419 4452	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:00:38.0435 4452	clr_optimization_v2.0.50727_32 - ok
10:00:38.0435 4452	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:00:38.0435 4452	clr_optimization_v2.0.50727_64 - ok
10:00:38.0450 4452	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:00:38.0450 4452	clr_optimization_v4.0.30319_32 - ok
10:00:38.0466 4452	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:00:38.0466 4452	clr_optimization_v4.0.30319_64 - ok
10:00:38.0482 4452	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:00:38.0482 4452	CmBatt - ok
10:00:38.0497 4452	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:00:38.0497 4452	cmdide - ok
10:00:38.0513 4452	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:00:38.0528 4452	CNG - ok
10:00:38.0528 4452	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:00:38.0544 4452	Compbatt - ok
10:00:38.0544 4452	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:00:38.0560 4452	CompositeBus - ok
10:00:38.0575 4452	COMSysApp - ok
10:00:38.0575 4452	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:00:38.0575 4452	crcdisk - ok
10:00:38.0591 4452	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:00:38.0622 4452	CryptSvc - ok
10:00:38.0622 4452	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:00:38.0653 4452	DcomLaunch - ok
10:00:38.0669 4452	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:00:38.0684 4452	defragsvc - ok
10:00:38.0700 4452	DeviceMonitorService (6824007c0ecec46edd64d7a9d86eba84) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
10:00:38.0700 4452	DeviceMonitorService - ok
10:00:38.0716 4452	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:00:38.0731 4452	DfsC - ok
10:00:38.0747 4452	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:00:38.0762 4452	Dhcp - ok
10:00:38.0778 4452	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:00:38.0794 4452	discache - ok
10:00:38.0809 4452	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:00:38.0809 4452	Disk - ok
10:00:38.0825 4452	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:00:38.0825 4452	Dnscache - ok
10:00:38.0840 4452	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:00:38.0872 4452	dot3svc - ok
10:00:38.0872 4452	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:00:38.0887 4452	DPS - ok
10:00:38.0903 4452	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:00:38.0903 4452	drmkaud - ok
10:00:38.0934 4452	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:00:38.0950 4452	DXGKrnl - ok
10:00:38.0950 4452	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:00:38.0981 4452	EapHost - ok
10:00:39.0012 4452	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:00:39.0059 4452	ebdrv - ok
10:00:39.0059 4452	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:00:39.0074 4452	EFS - ok
10:00:39.0074 4452	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:00:39.0090 4452	ehRecvr - ok
10:00:39.0090 4452	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:00:39.0106 4452	ehSched - ok
10:00:39.0121 4452	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:00:39.0137 4452	elxstor - ok
10:00:39.0137 4452	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:00:39.0152 4452	ErrDev - ok
10:00:39.0168 4452	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:00:39.0184 4452	EventSystem - ok
10:00:39.0199 4452	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:00:39.0215 4452	exfat - ok
10:00:39.0230 4452	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:00:39.0262 4452	fastfat - ok
10:00:39.0277 4452	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:00:39.0277 4452	Fax - ok
10:00:39.0293 4452	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:00:39.0308 4452	fdc - ok
10:00:39.0308 4452	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:00:39.0324 4452	fdPHost - ok
10:00:39.0340 4452	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:00:39.0355 4452	FDResPub - ok
10:00:39.0371 4452	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:00:39.0371 4452	FileInfo - ok
10:00:39.0386 4452	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:00:39.0402 4452	Filetrace - ok
10:00:39.0418 4452	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:00:39.0418 4452	flpydisk - ok
10:00:39.0433 4452	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:00:39.0449 4452	FltMgr - ok
10:00:39.0464 4452	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:00:39.0480 4452	FontCache - ok
10:00:39.0480 4452	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:00:39.0496 4452	FontCache3.0.0.0 - ok
10:00:39.0496 4452	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:00:39.0511 4452	FsDepends - ok
10:00:39.0511 4452	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:00:39.0527 4452	Fs_Rec - ok
10:00:39.0527 4452	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:00:39.0542 4452	fvevol - ok
10:00:39.0558 4452	fwlanusbn       (15585492e45e2f30768b2d5b57929d99) C:\Windows\system32\DRIVERS\fwlanusbn.sys
10:00:39.0574 4452	fwlanusbn - ok
10:00:39.0589 4452	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:00:39.0589 4452	gagp30kx - ok
10:00:39.0605 4452	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:00:39.0636 4452	gpsvc - ok
10:00:39.0652 4452	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:00:39.0652 4452	hcw85cir - ok
10:00:39.0667 4452	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:00:39.0683 4452	HdAudAddService - ok
10:00:39.0698 4452	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:00:39.0698 4452	HDAudBus - ok
10:00:39.0714 4452	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:00:39.0714 4452	HidBatt - ok
10:00:39.0730 4452	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:00:39.0745 4452	HidBth - ok
10:00:39.0745 4452	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:00:39.0761 4452	HidIr - ok
10:00:39.0761 4452	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:00:39.0792 4452	hidserv - ok
10:00:39.0792 4452	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:00:39.0808 4452	HidUsb - ok
10:00:39.0808 4452	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:00:39.0839 4452	hkmsvc - ok
10:00:39.0839 4452	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:00:39.0854 4452	HomeGroupListener - ok
10:00:39.0870 4452	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:00:39.0870 4452	HomeGroupProvider - ok
10:00:39.0886 4452	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:00:39.0886 4452	HpSAMD - ok
10:00:39.0917 4452	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:00:39.0932 4452	HTTP - ok
10:00:39.0948 4452	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:00:39.0948 4452	hwpolicy - ok
10:00:39.0964 4452	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:00:39.0964 4452	i8042prt - ok
10:00:39.0979 4452	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:00:39.0995 4452	iaStorV - ok
10:00:40.0010 4452	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:00:40.0026 4452	idsvc - ok
10:00:40.0042 4452	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:00:40.0042 4452	iirsp - ok
10:00:40.0057 4452	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:00:40.0088 4452	IKEEXT - ok
10:00:40.0135 4452	IntcAzAudAddService (13089f31aa37cde1ce3784ee01a48484) C:\Windows\system32\drivers\RTKVHD64.sys
10:00:40.0166 4452	IntcAzAudAddService - ok
10:00:40.0182 4452	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:00:40.0182 4452	intelide - ok
10:00:40.0198 4452	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:00:40.0198 4452	intelppm - ok
10:00:40.0213 4452	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:00:40.0229 4452	IPBusEnum - ok
10:00:40.0244 4452	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:00:40.0260 4452	IpFilterDriver - ok
10:00:40.0276 4452	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:00:40.0291 4452	iphlpsvc - ok
10:00:40.0307 4452	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:00:40.0322 4452	IPMIDRV - ok
10:00:40.0322 4452	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:00:40.0354 4452	IPNAT - ok
10:00:40.0354 4452	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:00:40.0369 4452	IRENUM - ok
10:00:40.0369 4452	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:00:40.0385 4452	isapnp - ok
10:00:40.0385 4452	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:00:40.0400 4452	iScsiPrt - ok
10:00:40.0416 4452	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:00:40.0416 4452	kbdclass - ok
10:00:40.0432 4452	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:00:40.0432 4452	kbdhid - ok
10:00:40.0447 4452	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:40.0447 4452	KeyIso - ok
10:00:40.0463 4452	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:00:40.0463 4452	KSecDD - ok
10:00:40.0478 4452	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:00:40.0478 4452	KSecPkg - ok
10:00:40.0494 4452	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:00:40.0510 4452	ksthunk - ok
10:00:40.0525 4452	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:00:40.0556 4452	KtmRm - ok
10:00:40.0556 4452	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:00:40.0588 4452	LanmanServer - ok
10:00:40.0603 4452	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:00:40.0619 4452	LanmanWorkstation - ok
10:00:40.0634 4452	LGBusEnum       (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
10:00:40.0634 4452	LGBusEnum - ok
10:00:40.0650 4452	LGPBTDD         (f705a641c18df31b48b5dbda94b425e4) C:\Windows\system32\Drivers\LGPBTDD.sys
10:00:40.0650 4452	LGPBTDD - ok
10:00:40.0650 4452	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
10:00:40.0666 4452	lirsgt - ok
10:00:40.0666 4452	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:00:40.0697 4452	lltdio - ok
10:00:40.0697 4452	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:00:40.0728 4452	lltdsvc - ok
10:00:40.0744 4452	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:00:40.0759 4452	lmhosts - ok
10:00:40.0775 4452	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:00:40.0775 4452	LSI_FC - ok
10:00:40.0790 4452	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:00:40.0790 4452	LSI_SAS - ok
10:00:40.0806 4452	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:00:40.0806 4452	LSI_SAS2 - ok
10:00:40.0822 4452	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:00:40.0822 4452	LSI_SCSI - ok
10:00:40.0837 4452	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:00:40.0853 4452	luafv - ok
10:00:40.0868 4452	MBfilt          (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
10:00:40.0868 4452	MBfilt - ok
10:00:40.0868 4452	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:00:40.0884 4452	Mcx2Svc - ok
10:00:40.0884 4452	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:00:40.0900 4452	megasas - ok
10:00:40.0915 4452	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:00:40.0915 4452	MegaSR - ok
10:00:40.0931 4452	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:00:40.0931 4452	MEIx64 - ok
10:00:40.0946 4452	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:00:40.0962 4452	MMCSS - ok
10:00:40.0978 4452	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:00:40.0993 4452	Modem - ok
10:00:41.0009 4452	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:00:41.0009 4452	monitor - ok
10:00:41.0024 4452	motccgp         (85198fb1e5cc4a9db03443a385ea0ad2) C:\Windows\system32\DRIVERS\motccgp.sys
10:00:41.0024 4452	motccgp - ok
10:00:41.0040 4452	motccgpfl       (577399c75cf85ac68e7830eb150f45ef) C:\Windows\system32\DRIVERS\motccgpfl.sys
10:00:41.0040 4452	motccgpfl - ok
10:00:41.0056 4452	MotioninJoyXFilter (5fec1ff5bb9a1fa5c9cf4544d19d6d5d) C:\Windows\system32\DRIVERS\MijXfilt.sys
10:00:41.0071 4452	MotioninJoyXFilter - ok
10:00:41.0071 4452	motmodem        (0ef6b989af403c1c1b6ebcbd2a280612) C:\Windows\system32\DRIVERS\motmodem.sys
10:00:41.0087 4452	motmodem - ok
10:00:41.0087 4452	MotoHelper      (290750346f5937b02f62594b8eb03215) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:00:41.0102 4452	MotoHelper - ok
10:00:41.0102 4452	MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
10:00:41.0118 4452	MotoSwitchService - ok
10:00:41.0118 4452	Motousbnet      (7e1bd35249f4d5a745144b3c77f9fb85) C:\Windows\system32\DRIVERS\Motousbnet.sys
10:00:41.0134 4452	Motousbnet - ok
10:00:41.0134 4452	motusbdevice    (d075b1d964a314d240f5498773ee89df) C:\Windows\system32\DRIVERS\motusbdevice.sys
10:00:41.0149 4452	motusbdevice - ok
10:00:41.0165 4452	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:00:41.0165 4452	mouclass - ok
10:00:41.0180 4452	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:00:41.0180 4452	mouhid - ok
10:00:41.0196 4452	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:00:41.0196 4452	mountmgr - ok
10:00:41.0212 4452	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:00:41.0227 4452	mpio - ok
10:00:41.0227 4452	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:00:41.0258 4452	mpsdrv - ok
10:00:41.0274 4452	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:00:41.0305 4452	MpsSvc - ok
10:00:41.0321 4452	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:00:41.0321 4452	MRxDAV - ok
10:00:41.0336 4452	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:00:41.0352 4452	mrxsmb - ok
10:00:41.0352 4452	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:00:41.0368 4452	mrxsmb10 - ok
10:00:41.0383 4452	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:00:41.0383 4452	mrxsmb20 - ok
10:00:41.0399 4452	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:00:41.0399 4452	msahci - ok
10:00:41.0414 4452	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:00:41.0414 4452	msdsm - ok
10:00:41.0430 4452	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:00:41.0446 4452	MSDTC - ok
10:00:41.0446 4452	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:00:41.0477 4452	Msfs - ok
10:00:41.0477 4452	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:00:41.0508 4452	mshidkmdf - ok
10:00:41.0508 4452	MSICDSetup - ok
10:00:41.0508 4452	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:00:41.0508 4452	msisadrv - ok
10:00:41.0524 4452	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:00:41.0555 4452	MSiSCSI - ok
10:00:41.0555 4452	msiserver - ok
10:00:41.0555 4452	MSI_MSIBIOS_010507 - ok
10:00:41.0570 4452	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:00:41.0586 4452	MSKSSRV - ok
10:00:41.0586 4452	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:00:41.0617 4452	MSPCLOCK - ok
10:00:41.0617 4452	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:00:41.0648 4452	MSPQM - ok
10:00:41.0664 4452	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:00:41.0680 4452	MsRPC - ok
10:00:41.0680 4452	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:00:41.0680 4452	mssmbios - ok
10:00:41.0695 4452	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:00:41.0711 4452	MSTEE - ok
10:00:41.0726 4452	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:00:41.0726 4452	MTConfig - ok
10:00:41.0742 4452	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:00:41.0742 4452	Mup - ok
10:00:41.0758 4452	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:00:41.0773 4452	napagent - ok
10:00:41.0789 4452	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:00:41.0804 4452	NativeWifiP - ok
10:00:41.0836 4452	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:00:41.0851 4452	NDIS - ok
10:00:41.0851 4452	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:00:41.0882 4452	NdisCap - ok
10:00:41.0882 4452	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:00:41.0898 4452	NdisTapi - ok
10:00:41.0914 4452	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:00:41.0929 4452	Ndisuio - ok
10:00:41.0945 4452	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:00:41.0976 4452	NdisWan - ok
10:00:41.0976 4452	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:00:42.0007 4452	NDProxy - ok
10:00:42.0007 4452	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:00:42.0023 4452	NetBIOS - ok
10:00:42.0038 4452	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:00:42.0054 4452	NetBT - ok
10:00:42.0070 4452	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:42.0070 4452	Netlogon - ok
10:00:42.0085 4452	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:00:42.0101 4452	Netman - ok
10:00:42.0116 4452	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:00:42.0148 4452	netprofm - ok
10:00:42.0148 4452	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:00:42.0163 4452	NetTcpPortSharing - ok
10:00:42.0163 4452	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:00:42.0179 4452	nfrd960 - ok
10:00:42.0179 4452	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:00:42.0210 4452	NlaSvc - ok
10:00:42.0226 4452	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:00:42.0241 4452	Npfs - ok
10:00:42.0257 4452	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:00:42.0272 4452	nsi - ok
10:00:42.0288 4452	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:00:42.0304 4452	nsiproxy - ok
10:00:42.0319 4452	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:00:42.0350 4452	Ntfs - ok
10:00:42.0366 4452	NTIOLib_1_0_4 - ok
10:00:42.0366 4452	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:00:42.0382 4452	Null - ok
10:00:42.0397 4452	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:00:42.0397 4452	nusb3hub - ok
10:00:42.0413 4452	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:00:42.0428 4452	nusb3xhc - ok
10:00:42.0428 4452	NVHDA           (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys
10:00:42.0444 4452	NVHDA - ok
10:00:42.0584 4452	nvlddmkm        (fd7ea1dcfbe760f04146024697329843) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:00:42.0709 4452	nvlddmkm - ok
10:00:42.0725 4452	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:00:42.0725 4452	nvraid - ok
10:00:42.0740 4452	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:00:42.0740 4452	nvstor - ok
10:00:42.0756 4452	NvStUSB         (a49b857561055608326e57b258519da6) C:\Windows\system32\DRIVERS\nvstusb.sys
10:00:42.0756 4452	NvStUSB - ok
10:00:42.0772 4452	NVSvc           (687d36f22e3a1b9513135bbeb47d7556) C:\Windows\system32\nvvsvc.exe
10:00:42.0787 4452	NVSvc - ok
10:00:42.0818 4452	nvUpdatusService (55370b722a62d0b1dca79a58a05a5712) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:00:42.0834 4452	nvUpdatusService - ok
10:00:42.0850 4452	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:00:42.0865 4452	nv_agp - ok
10:00:42.0865 4452	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:00:42.0881 4452	ohci1394 - ok
10:00:42.0896 4452	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:00:42.0896 4452	p2pimsvc - ok
10:00:42.0912 4452	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:00:42.0928 4452	p2psvc - ok
10:00:42.0928 4452	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:00:42.0943 4452	Parport - ok
10:00:42.0959 4452	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:00:42.0959 4452	partmgr - ok
10:00:42.0974 4452	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:00:42.0990 4452	PcaSvc - ok
10:00:42.0990 4452	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:00:43.0006 4452	pci - ok
10:00:43.0006 4452	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:00:43.0021 4452	pciide - ok
10:00:43.0037 4452	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:00:43.0037 4452	pcmcia - ok
10:00:43.0052 4452	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:00:43.0052 4452	pcw - ok
10:00:43.0068 4452	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:00:43.0099 4452	PEAUTH - ok
10:00:43.0115 4452	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:00:43.0130 4452	PerfHost - ok
10:00:43.0146 4452	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:00:43.0193 4452	pla - ok
10:00:43.0193 4452	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:00:43.0208 4452	PlugPlay - ok
10:00:43.0224 4452	PnkBstrA - ok
10:00:43.0224 4452	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:00:43.0240 4452	PNRPAutoReg - ok
10:00:43.0240 4452	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:00:43.0255 4452	PNRPsvc - ok
10:00:43.0271 4452	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:00:43.0302 4452	PolicyAgent - ok
10:00:43.0302 4452	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:00:43.0333 4452	Power - ok
10:00:43.0333 4452	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:00:43.0364 4452	PptpMiniport - ok
10:00:43.0364 4452	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:00:43.0380 4452	Processor - ok
10:00:43.0380 4452	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:00:43.0411 4452	ProfSvc - ok
10:00:43.0427 4452	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:43.0427 4452	ProtectedStorage - ok
10:00:43.0442 4452	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:00:43.0458 4452	Psched - ok
10:00:43.0474 4452	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:00:43.0505 4452	ql2300 - ok
10:00:43.0520 4452	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:00:43.0520 4452	ql40xx - ok
10:00:43.0536 4452	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:00:43.0552 4452	QWAVE - ok
10:00:43.0552 4452	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:00:43.0567 4452	QWAVEdrv - ok
10:00:43.0583 4452	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:00:43.0598 4452	RasAcd - ok
10:00:43.0614 4452	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:00:43.0630 4452	RasAgileVpn - ok
10:00:43.0630 4452	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:00:43.0661 4452	RasAuto - ok
10:00:43.0676 4452	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:00:43.0692 4452	Rasl2tp - ok
10:00:43.0708 4452	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:00:43.0723 4452	RasMan - ok
10:00:43.0739 4452	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:00:43.0770 4452	RasPppoe - ok
10:00:43.0770 4452	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:00:43.0786 4452	RasSstp - ok
10:00:43.0801 4452	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:00:43.0832 4452	rdbss - ok
10:00:43.0832 4452	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:00:43.0848 4452	rdpbus - ok
10:00:43.0848 4452	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:00:43.0879 4452	RDPCDD - ok
10:00:43.0879 4452	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:00:43.0895 4452	RDPENCDD - ok
10:00:43.0910 4452	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:00:43.0926 4452	RDPREFMP - ok
10:00:43.0942 4452	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:00:43.0942 4452	RDPWD - ok
10:00:43.0957 4452	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:00:43.0973 4452	rdyboost - ok
10:00:43.0973 4452	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:00:44.0004 4452	RemoteAccess - ok
10:00:44.0004 4452	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:00:44.0035 4452	RemoteRegistry - ok
10:00:44.0035 4452	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:00:44.0066 4452	RpcEptMapper - ok
10:00:44.0066 4452	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:00:44.0082 4452	RpcLocator - ok
10:00:44.0098 4452	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:00:44.0113 4452	RpcSs - ok
10:00:44.0129 4452	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:44.0144 4452	rspndr - ok
10:00:44.0160 4452	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:00:44.0176 4452	RTL8167 - ok
10:00:44.0176 4452	RzSynapse       (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
10:00:44.0191 4452	RzSynapse - ok
10:00:44.0191 4452	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:44.0207 4452	SamSs - ok
10:00:44.0207 4452	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:00:44.0222 4452	sbp2port - ok
10:00:44.0222 4452	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:00:44.0254 4452	SCardSvr - ok
10:00:44.0254 4452	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:00:44.0285 4452	scfilter - ok
10:00:44.0300 4452	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:00:44.0347 4452	Schedule - ok
10:00:44.0347 4452	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:00:44.0363 4452	SCPolicySvc - ok
10:00:44.0378 4452	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:00:44.0394 4452	SDRSVC - ok
10:00:44.0394 4452	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:00:44.0425 4452	secdrv - ok
10:00:44.0425 4452	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:00:44.0441 4452	seclogon - ok
10:00:44.0456 4452	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:00:44.0472 4452	SENS - ok
10:00:44.0488 4452	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:00:44.0488 4452	SensrSvc - ok
10:00:44.0503 4452	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:00:44.0503 4452	Serenum - ok
10:00:44.0519 4452	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:00:44.0519 4452	Serial - ok
10:00:44.0534 4452	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:00:44.0550 4452	sermouse - ok
10:00:44.0550 4452	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:00:44.0581 4452	SessionEnv - ok
10:00:44.0581 4452	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:00:44.0597 4452	sffdisk - ok
10:00:44.0597 4452	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:44.0612 4452	sffp_mmc - ok
10:00:44.0628 4452	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:00:44.0628 4452	sffp_sd - ok
10:00:44.0644 4452	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:00:44.0644 4452	sfloppy - ok
10:00:44.0659 4452	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:00:44.0690 4452	SharedAccess - ok
10:00:44.0690 4452	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:00:44.0722 4452	ShellHWDetection - ok
10:00:44.0737 4452	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:00:44.0737 4452	SiSRaid2 - ok
10:00:44.0753 4452	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:00:44.0753 4452	SiSRaid4 - ok
10:00:44.0768 4452	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:00:44.0784 4452	Smb - ok
10:00:44.0800 4452	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:00:44.0815 4452	SNMPTRAP - ok
10:00:44.0815 4452	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:00:44.0831 4452	spldr - ok
10:00:44.0831 4452	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:00:44.0862 4452	Spooler - ok
10:00:44.0924 4452	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:00:44.0987 4452	sppsvc - ok
10:00:44.0987 4452	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:00:45.0018 4452	sppuinotify - ok
10:00:45.0018 4452	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:00:45.0034 4452	srv - ok
10:00:45.0049 4452	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:00:45.0065 4452	srv2 - ok
10:00:45.0080 4452	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:45.0080 4452	srvnet - ok
10:00:45.0096 4452	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
10:00:45.0112 4452	ssadbus - ok
10:00:45.0112 4452	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
10:00:45.0112 4452	ssadmdfl - ok
10:00:45.0127 4452	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
10:00:45.0127 4452	ssadmdm - ok
10:00:45.0143 4452	ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
10:00:45.0158 4452	ssadserd - ok
10:00:45.0158 4452	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:00:45.0190 4452	SSDPSRV - ok
10:00:45.0190 4452	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:00:45.0221 4452	SstpSvc - ok
10:00:45.0221 4452	Steam Client Service - ok
10:00:45.0221 4452	Stereo Service  (46ca9dc1af6f36010816f690906aa7f4) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:00:45.0236 4452	Stereo Service - ok
10:00:45.0236 4452	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:00:45.0252 4452	stexstor - ok
10:00:45.0252 4452	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:00:45.0283 4452	stisvc - ok
10:00:45.0283 4452	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:00:45.0283 4452	swenum - ok
10:00:45.0299 4452	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:00:45.0330 4452	swprv - ok
10:00:45.0346 4452	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:00:45.0392 4452	SysMain - ok
10:00:45.0392 4452	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:00:45.0408 4452	TabletInputService - ok
10:00:45.0408 4452	taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
10:00:45.0424 4452	taphss - ok
10:00:45.0424 4452	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:00:45.0455 4452	TapiSrv - ok
10:00:45.0455 4452	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:00:45.0486 4452	TBS - ok
10:00:45.0502 4452	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:00:45.0533 4452	Tcpip - ok
10:00:45.0564 4452	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:45.0580 4452	TCPIP6 - ok
10:00:45.0595 4452	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:00:45.0611 4452	tcpipreg - ok
10:00:45.0626 4452	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:00:45.0626 4452	TDPIPE - ok
10:00:45.0642 4452	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:00:45.0642 4452	TDTCP - ok
10:00:45.0658 4452	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:00:45.0673 4452	tdx - ok
10:00:45.0689 4452	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:00:45.0689 4452	TermDD - ok
10:00:45.0704 4452	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:00:45.0736 4452	TermService - ok
10:00:45.0736 4452	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:00:45.0751 4452	Themes - ok
10:00:45.0767 4452	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:00:45.0782 4452	THREADORDER - ok
10:00:45.0782 4452	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:00:45.0814 4452	TrkWks - ok
10:00:45.0814 4452	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:00:45.0845 4452	TrustedInstaller - ok
10:00:45.0845 4452	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:45.0876 4452	tssecsrv - ok
10:00:45.0876 4452	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:00:45.0892 4452	TsUsbFlt - ok
10:00:45.0892 4452	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:00:45.0907 4452	TsUsbGD - ok
10:00:45.0907 4452	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:45.0938 4452	tunnel - ok
10:00:45.0938 4452	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:00:45.0954 4452	uagp35 - ok
10:00:45.0954 4452	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:00:45.0985 4452	udfs - ok
10:00:45.0985 4452	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:00:46.0001 4452	UI0Detect - ok
10:00:46.0016 4452	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:00:46.0016 4452	uliagpkx - ok
10:00:46.0032 4452	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:00:46.0032 4452	umbus - ok
10:00:46.0048 4452	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:00:46.0048 4452	UmPass - ok
10:00:46.0063 4452	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:00:46.0094 4452	upnphost - ok
10:00:46.0094 4452	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:46.0110 4452	usbccgp - ok
10:00:46.0110 4452	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:00:46.0126 4452	usbcir - ok
10:00:46.0141 4452	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:00:46.0141 4452	usbehci - ok
10:00:46.0157 4452	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:46.0172 4452	usbhub - ok
10:00:46.0172 4452	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:00:46.0188 4452	usbohci - ok
10:00:46.0204 4452	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:46.0204 4452	usbprint - ok
10:00:46.0219 4452	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:00:46.0235 4452	usbscan - ok
10:00:46.0235 4452	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:00:46.0250 4452	USBSTOR - ok
10:00:46.0250 4452	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:00:46.0266 4452	usbuhci - ok
10:00:46.0282 4452	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:00:46.0297 4452	UxSms - ok
10:00:46.0313 4452	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:46.0313 4452	VaultSvc - ok
10:00:46.0328 4452	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:00:46.0328 4452	vdrvroot - ok
10:00:46.0344 4452	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:00:46.0360 4452	vds - ok
10:00:46.0375 4452	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:00:46.0391 4452	vga - ok
10:00:46.0391 4452	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:00:46.0422 4452	VgaSave - ok
10:00:46.0422 4452	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:00:46.0438 4452	vhdmp - ok
10:00:46.0438 4452	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:00:46.0453 4452	viaide - ok
10:00:46.0453 4452	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:00:46.0469 4452	volmgr - ok
10:00:46.0484 4452	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:00:46.0484 4452	volmgrx - ok
10:00:46.0500 4452	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:00:46.0516 4452	volsnap - ok
10:00:46.0516 4452	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:00:46.0531 4452	vsmraid - ok
10:00:46.0562 4452	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:00:46.0594 4452	VSS - ok
10:00:46.0609 4452	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:00:46.0625 4452	vwifibus - ok
10:00:46.0625 4452	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:00:46.0656 4452	W32Time - ok
10:00:46.0672 4452	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:00:46.0672 4452	WacomPen - ok
10:00:46.0687 4452	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:46.0703 4452	WANARP - ok
10:00:46.0718 4452	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:46.0734 4452	Wanarpv6 - ok
10:00:46.0796 4452	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:00:46.0843 4452	wbengine - ok
10:00:46.0859 4452	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:00:46.0890 4452	WbioSrvc - ok
10:00:46.0890 4452	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:00:46.0921 4452	wcncsvc - ok
10:00:46.0937 4452	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:00:46.0952 4452	WcsPlugInService - ok
10:00:46.0952 4452	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:00:46.0968 4452	Wd - ok
10:00:46.0984 4452	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:00:46.0999 4452	Wdf01000 - ok
10:00:46.0999 4452	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:47.0030 4452	WdiServiceHost - ok
10:00:47.0030 4452	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:47.0046 4452	WdiSystemHost - ok
10:00:47.0062 4452	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:00:47.0077 4452	WebClient - ok
10:00:47.0077 4452	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:00:47.0108 4452	Wecsvc - ok
10:00:47.0124 4452	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:00:47.0140 4452	wercplsupport - ok
10:00:47.0155 4452	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:00:47.0171 4452	WerSvc - ok
10:00:47.0186 4452	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:00:47.0202 4452	WfpLwf - ok
10:00:47.0202 4452	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:00:47.0218 4452	WIMMount - ok
10:00:47.0218 4452	WinDefend - ok
10:00:47.0218 4452	WinHttpAutoProxySvc - ok
10:00:47.0233 4452	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:00:47.0264 4452	Winmgmt - ok
10:00:47.0280 4452	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:00:47.0327 4452	WinRM - ok
10:00:47.0342 4452	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:00:47.0342 4452	WinUsb - ok
10:00:47.0374 4452	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:00:47.0389 4452	Wlansvc - ok
10:00:47.0420 4452	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:00:47.0452 4452	wlidsvc - ok
10:00:47.0452 4452	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:00:47.0467 4452	WmiAcpi - ok
10:00:47.0467 4452	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:00:47.0483 4452	wmiApSrv - ok
10:00:47.0483 4452	WMPNetworkSvc - ok
10:00:47.0498 4452	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:00:47.0498 4452	WPCSvc - ok
10:00:47.0514 4452	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:00:47.0530 4452	WPDBusEnum - ok
10:00:47.0530 4452	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:00:47.0545 4452	ws2ifsl - ok
10:00:47.0561 4452	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:00:47.0576 4452	wscsvc - ok
10:00:47.0576 4452	WSearch - ok
10:00:47.0608 4452	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:00:47.0654 4452	wuauserv - ok
10:00:47.0670 4452	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:00:47.0686 4452	WudfPf - ok
10:00:47.0701 4452	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:47.0717 4452	WUDFRd - ok
10:00:47.0732 4452	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:00:47.0748 4452	wudfsvc - ok
10:00:47.0764 4452	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:00:47.0779 4452	WwanSvc - ok
10:00:47.0795 4452	xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
10:00:47.0795 4452	xusb21 - ok
10:00:47.0795 4452	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:00:47.0857 4452	\Device\Harddisk0\DR0 - ok
10:00:47.0857 4452	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
10:00:47.0888 4452	\Device\Harddisk1\DR1 - ok
10:00:47.0888 4452	Boot (0x1200)   (3f28400bd972a37183906bf5ef9952ee) \Device\Harddisk0\DR0\Partition0
10:00:47.0888 4452	\Device\Harddisk0\DR0\Partition0 - ok
10:00:47.0888 4452	Boot (0x1200)   (5a87b4546bd42803a0247fbf3708774c) \Device\Harddisk0\DR0\Partition1
10:00:47.0888 4452	\Device\Harddisk0\DR0\Partition1 - ok
10:00:47.0888 4452	Boot (0x1200)   (109024bd49123f5762962597d94c1245) \Device\Harddisk1\DR1\Partition0
10:00:47.0888 4452	\Device\Harddisk1\DR1\Partition0 - ok
10:00:47.0888 4452	Boot (0x1200)   (71ffea88d186c422a105b114eb534404) \Device\Harddisk1\DR1\Partition1
10:00:47.0904 4452	\Device\Harddisk1\DR1\Partition1 - ok
10:00:47.0904 4452	============================================================
10:00:47.0904 4452	Scan finished
10:00:47.0904 4452	============================================================
10:00:47.0904 3800	Detected object count: 2
10:00:47.0904 3800	Actual detected object count: 2
10:01:00.0275 3800	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:00.0275 3800	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:01:00.0275 3800	Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:00.0275 3800	Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 04.04.2012, 12:36

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Weezy13 · 04.04.2012, 23:02

Code:

ATTFilter

ComboFix 12-04-04.02 - Bad Weezy 04.04.2012  23:55:01.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8163.6877 [GMT 2:00]
ausgeführt von:: c:\users\Bad Weezy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bad Weezy\AppData\Local\bloson.bmp
c:\users\Bad Weezy\AppData\Local\Bloson.exe
c:\users\Bad Weezy\AppData\Local\ConduitInstaller.exe
c:\users\Bad Weezy\AppData\Local\lateral1.bmp
c:\users\Bad Weezy\AppData\Local\lateral2.bmp
c:\users\Bad Weezy\AppData\Local\lateral3.bmp
c:\users\Bad Weezy\AppData\Local\toolbar3.bmp
c:\users\Bad Weezy\AppData\Roaming\toolplugin\toolbar.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))
.
.
2012-04-04 21:56 . 2012-04-04 21:56	--------	d-----w-	c:\users\UpdatusUser.BadWeezy-PC\AppData\Local\temp
2012-04-04 21:56 . 2012-04-04 21:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-04 07:47 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{11507107-55A5-446B-B4F9-46F03093ADCF}\mpengine.dll
2012-04-03 05:01 . 2012-04-03 05:01	--------	d-----w-	C:\_OTL
2012-04-02 01:00 . 2012-04-02 01:00	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-04-01 21:34 . 2012-04-01 21:34	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-30 19:42 . 2012-03-30 19:42	--------	d-----w-	c:\program files (x86)\ESET
2012-03-28 23:51 . 2012-03-28 23:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-03-28 20:54 . 2012-03-13 04:38	97208	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-03-28 20:54 . 2012-03-13 04:36	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-28 20:54 . 2012-03-13 04:36	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-28 20:54 . 2012-03-13 04:35	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-28 20:54 . 2012-03-13 04:35	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-28 20:54 . 2012-03-13 04:35	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-28 20:25 . 2012-03-28 20:25	--------	d-----w-	c:\users\Bad Weezy\AppData\Roaming\Malwarebytes
2012-03-28 20:25 . 2012-03-28 20:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-28 20:25 . 2012-03-28 20:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-28 20:25 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-18 02:00 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-18 02:00 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 02:00 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-17 10:13 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-17 10:13 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-17 10:13 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-17 10:10 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-17 10:10 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-17 10:10 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-17 10:10 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-17 10:10 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-17 10:10 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-17 10:10 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 21:34 . 2011-06-20 12:48	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 23:51 . 2011-06-21 04:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-27 01:06 . 2012-02-27 01:06	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-27 01:06 . 2012-02-27 01:06	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-27 01:05 . 2012-02-27 01:05	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-18 14:28 . 2011-10-20 08:46	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-31 23:02 . 2012-01-31 23:02	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-31 23:02 . 2012-01-31 23:02	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-01-31 23:02 . 2012-01-31 23:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-01-31 23:02 . 2012-01-31 23:02	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-01-31 23:02 . 2012-01-31 23:02	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-01-31 23:02 . 2012-01-31 23:02	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-01-31 23:02 . 2012-01-31 23:02	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-01-31 23:02 . 2012-01-31 23:02	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-31 23:02 . 2012-01-31 23:02	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-01-31 23:02 . 2012-01-31 23:02	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-01-31 23:02 . 2012-01-31 23:02	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-01-31 23:02 . 2012-01-31 23:02	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-01-31 23:02 . 2012-01-31 23:02	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-01-31 23:02 . 2012-01-31 23:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-01-31 23:02 . 2012-01-31 23:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-01-31 23:02 . 2012-01-31 23:02	448512	----a-w-	c:\windows\system32\html.iec
2012-01-31 23:02 . 2012-01-31 23:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-01-31 23:02 . 2012-01-31 23:02	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-01-31 23:02 . 2012-01-31 23:02	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-01-31 23:02 . 2012-01-31 23:02	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-01-31 23:02 . 2012-01-31 23:02	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-01-31 23:02 . 2012-01-31 23:02	222208	----a-w-	c:\windows\system32\msls31.dll
2012-01-31 23:02 . 2012-01-31 23:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-01-31 23:02 . 2012-01-31 23:02	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-01-31 23:02 . 2012-01-31 23:02	160256	----a-w-	c:\windows\system32\wextract.exe
2012-01-31 23:02 . 2012-01-31 23:02	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-01-31 23:02 . 2012-01-31 23:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-01-31 23:02 . 2012-01-31 23:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-01-31 23:02 . 2012-01-31 23:02	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-01-31 23:02 . 2012-01-31 23:02	12288	----a-w-	c:\windows\system32\mshta.exe
2012-01-31 23:02 . 2012-01-31 23:02	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-01-31 23:02 . 2012-01-31 23:02	114176	----a-w-	c:\windows\system32\admparse.dll
2012-01-31 23:02 . 2012-01-31 23:02	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-01-31 23:02 . 2012-01-31 23:02	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-01-25 11:58 . 2012-01-25 11:58	27136	----a-w-	c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 11:57 . 2012-01-25 11:57	30720	----a-w-	c:\windows\system32\drivers\motmodem.sys
2012-01-25 11:57 . 2012-01-25 11:57	9728	----a-w-	c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 11:57 . 2012-01-25 11:57	22016	----a-w-	c:\windows\system32\drivers\motccgp.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Password Safe Standard"="c:\program files (x86)\Password Safe and Repository 6\psr.exe" [2011-11-04 4727352]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-31 2051]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"WinampAgent"="c:\programme (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-11 102912]
winamp - Verknüpfung.lnk - c:\programme (x86)\Winamp\winamp.exe [2011-7-11 1595520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"combofix"="c:\combofix\CF32445.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Bad Weezy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bad Weezy\AppData\Roaming\Mozilla\Firefox\Profiles\1sv1wk8c.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Super-Charger - c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-toolplugin - c:\users\BADWEE~1\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,c7,a8,b8,38,ab,e3,4a,9c,8c,00,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,c7,a8,b8,38,ab,e3,4a,9c,8c,00,\
.
[HKEY_USERS\S-1-5-21-192102404-974623874-4118770486-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,78,3b,d2,4b,47,04,af,b9,f2,b2,5a,e0,d2,ef,7b,88,fa,0f,47,dd,
   25,df,88,43,7e,27,76,d5,b9,34,1c,dc,7c,98,36,5c,05,5c,fd,8d,71,c3,a6,de,4c,\
"rkeysecu"=hex:3a,41,18,80,6d,68,a1,2c,db,0d,29,6e,c7,73,b7,c2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-04  23:58:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-04 21:58
.
Vor Suchlauf: 13 Verzeichnis(se), 65.672.052.736 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 65.195.163.648 Bytes frei
.
- - End Of File - - 7845E6CB7636117A689F445CC179FFC6

cosinus · 04.04.2012, 23:36

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Weezy13 · 05.04.2012, 13:59

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 14:53:04
-----------------------------
14:53:04.205    OS Version: Windows x64 6.1.7601 Service Pack 1
14:53:04.205    Number of processors: 8 586 0x2A07
14:53:04.205    ComputerName: BADWEEZY-PC  UserName: Bad Weezy
14:53:04.376    Initialize success
14:55:52.008    AVAST engine defs: 12040500
14:56:41.242    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:56:41.242    Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
14:56:41.242    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
14:56:41.242    Disk 1 Vendor: OCZ-VERTEX2_3.5 1.29 Size: 109704MB BusType: 11
14:56:41.258    Disk 1 MBR read successfully
14:56:41.258    Disk 1 MBR scan
14:56:41.258    Disk 1 Windows 7 default MBR code
14:56:41.258    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:56:41.273    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       109602 MB offset 206848
14:56:41.273    Disk 1 scanning C:\Windows\system32\drivers
14:56:43.239    Service scanning
14:56:45.095    Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
14:56:48.683    Modules scanning
14:56:48.683    Disk 1 trace - called modules:
14:56:48.699    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:56:48.699    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800756a060]
14:56:48.699    3 CLASSPNP.SYS[fffff880019a743f] -> nt!IofCallDriver -> [0xfffffa8007335040]
14:56:48.714    5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007337060]
14:56:48.870    AVAST engine scan C:\Windows
14:56:49.526    AVAST engine scan C:\Windows\system32
14:57:35.109    AVAST engine scan C:\Windows\system32\drivers
14:57:37.542    AVAST engine scan C:\Users\Bad Weezy
14:57:49.835    AVAST engine scan C:\ProgramData
14:57:52.612    Scan finished successfully
14:58:04.281    Disk 1 MBR has been saved successfully to "C:\Users\Bad Weezy\Desktop\MBR.dat"
14:58:04.281    The log file has been saved successfully to "C:\Users\Bad Weezy\Desktop\aswMBR.txt"

30.03.2012, 22:58	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows wurde blockiert - 50€ Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Windows wurde blockiert - 50€

Plagegeister aller Art und deren Bekämpfung: Windows wurde blockiert - 50€