
Pests of all kinds and how to fight them: Smart Fortress 2012 / Security Center switched off


28.04.2012, 11:49   #1
Tatzelveln
 
Smart Fortress 2012 / Security Center switched off



Yesterday I somehow caught what is probably the most annoying malware of my life: Smart Fortress 2012.
After this junk blocked everything I tried, I first killed the PC and then started it in safe mode. Then I ran AntiVir once: no detection.
So I ran a Malwarebytes Anti-Malware quick scan over it, and lo and behold: 6 detections! Removed everything, rebooted: everything works again. Either before or after the Anti-Malware scan I also ran FixExe (which was probably unnecessary).
Then another full scan with Malwarebytes: 1 detection, removed.
Finally I installed and ran tdsskiller. It found one more thing, where I clicked "Delete"; maybe that is where the error lies.

Since then, at every logon, regardless of the user account, I get a message roughly along these lines: Application initialization error. 0x800106ba could not be started, and then something about contacting Help & Support if the problem persists.
On top of that, my Security Center no longer works: the taskbar shows the Windows security alert that my Security Center is disabled, and I cannot switch it back on. When I try, I get the following error message: "The Security Center service could not be started."

Now I don't know whether my system is really clean, hence this post.

Here is the DDS.txt:

Code:
 .
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by *** at 11:40:36 on 2012-04-28
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.4094.2762 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.183.128.35 194.183.128.36
TCP: Interfaces\{F7F47CC9-50DD-494F-B229-41D27BA5A4B5} : DhcpNameServer = 194.183.128.35 194.183.128.36
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hluc9alb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QT Lite\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-14 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-14 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2011-3-17 29261152]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-10-8 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-10-8 211232]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-3-30 1295416]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-3-30 681016]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2011-9-27 93848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-28 08:28:24	4754944	----a-w-	C:\Users\***\unetbootin-windows-568.exe
2012-04-28 07:29:02	476904	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-28 07:29:02	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-04-28 07:14:57	--------	d-----w-	C:\Users\***\AppData\Local\Secunia PSI (BETA)
2012-04-28 07:14:47	--------	d-----w-	C:\Program Files (x86)\Secunia
2012-04-28 03:22:23	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-04-28 03:21:10	2074160	----a-w-	C:\Users\***\tdsskiller.exe
2012-04-28 02:38:46	--------	d-----w-	C:\Windows\pss
2012-04-27 08:25:53	8917360	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55E928D3-F6C4-4338-991F-EC43C0D3F47A}\mpengine.dll
2012-04-11 22:10:59	78848	----a-w-	C:\Windows\System32\imagehlp.dll
2012-04-11 22:10:59	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-11 22:10:59	219136	----a-w-	C:\Windows\System32\wintrust.dll
2012-04-11 22:10:59	172032	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-11 22:10:59	157696	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-11 08:03:32	2409784	----a-w-	C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 08:03:32	2409784	----a-w-	C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-03-29 09:53:51	418464	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2012-04-28 07:25:45	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-03-06 06:44:22	4699520	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-02-29 15:37:41	5632	----a-w-	C:\Windows\System32\wmi.dll
2012-02-29 13:52:46	16384	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43	327680	----a-w-	C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43	196096	----a-w-	C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30	219648	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30	160768	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31	2002944	----a-w-	C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08	1172480	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48	834048	----a-w-	C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11	1555968	----a-w-	C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57	683008	----a-w-	C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40	1068544	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25	2765824	----a-w-	C:\Windows\System32\win32k.sys
.
============= FINISH: 11:40:49,90 ===============
The attach file in zip format is attached as well.

Here are the Malwarebytes logs:

The full scan:

Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.01

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matthias :: EL-PC [Administrator]

28.04.2012 05:50:07
mbam-log-2012-04-28 (05-50-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 671322
Laufzeit: 2 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Matthias\Matthias\SoftonicDownloader_fuer_k-lite-codec-pack.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And the quick scan:

Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.01

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Matthias :: EL-PC [Administrator]

28.04.2012 04:59:48
mbam-log-2012-04-28 (04-59-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 287765
Laufzeit: 11 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|B7E8586E002691CF000061E3570F1C8B (Trojan.LameShield) -> Daten: C:\ProgramData\B7E8586E002691CF000061E3570F1C8B\B7E8586E002691CF000061E3570F1C8B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\B7E8586E002691CF000061E3570F1C8B\B7E8586E002691CF000061E3570F1C8B.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And for completeness, here is the AntiVir report:

Code:
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 28. April 2012  04:48

Es wird nach 3719726 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista x64
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Matthias
Computername   : EL-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898           Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 18:00:32
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 18:00:31
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 18:00:34
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 18:00:37
AVREG.DLL      : 12.1.0.36     229128 Bytes  06.04.2012 10:32:55
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 16:12:01
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:10:05
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 08:01:34
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 08:01:37
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 08:01:37
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 08:01:37
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 08:01:37
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 08:01:38
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 08:01:38
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 08:01:39
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 08:01:39
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 08:01:39
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 08:52:37
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 10:29:15
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 10:32:55
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 14:10:17
VBASE018.VDF   : 7.11.27.107   161280 Bytes  12.04.2012 14:10:01
VBASE019.VDF   : 7.11.27.159   148992 Bytes  13.04.2012 14:14:27
VBASE020.VDF   : 7.11.27.201   207360 Bytes  17.04.2012 15:46:59
VBASE021.VDF   : 7.11.28.3     237568 Bytes  19.04.2012 16:36:14
VBASE022.VDF   : 7.11.28.49    193536 Bytes  20.04.2012 21:58:21
VBASE023.VDF   : 7.11.28.99    195072 Bytes  23.04.2012 08:26:05
VBASE024.VDF   : 7.11.28.133   247808 Bytes  24.04.2012 14:46:51
VBASE025.VDF   : 7.11.28.183   186880 Bytes  26.04.2012 14:46:51
VBASE026.VDF   : 7.11.28.184     2048 Bytes  26.04.2012 14:46:51
VBASE027.VDF   : 7.11.28.185     2048 Bytes  26.04.2012 14:46:51
VBASE028.VDF   : 7.11.28.186     2048 Bytes  26.04.2012 14:46:51
VBASE029.VDF   : 7.11.28.187     2048 Bytes  26.04.2012 14:46:51
VBASE030.VDF   : 7.11.28.188     2048 Bytes  26.04.2012 14:46:51
VBASE031.VDF   : 7.11.28.226   114176 Bytes  27.04.2012 02:46:33
Engineversion  : 8.2.10.58 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 17:39:36
AESCRIPT.DLL   : 8.1.4.18      455034 Bytes  27.04.2012 14:47:50
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 20:00:48
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 18:17:21
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  31.03.2012 08:54:02
AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  27.04.2012 14:47:49
AEHEUR.DLL     : 8.1.4.21     4682102 Bytes  27.04.2012 14:47:49
AEHELP.DLL     : 8.1.20.0      254326 Bytes  27.04.2012 14:47:46
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 14:47:46
AEEXP.DLL      : 8.1.0.33       82293 Bytes  27.04.2012 14:47:50
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 18:52:28
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 18:00:30
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Matthias\AppData\Local\Temp\be37ead5.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 28. April 2012  04:48

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\B7E8586E002691CF000061E3570F1C8B'


Ende des Suchlaufs: Samstag, 28. April 2012  04:48
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      1 Verzeichnisse wurden überprüft
      2 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      2 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise

I also have six more Malwarebytes logs from 2011, if those help.

I hope someone here can make something of this, and thanks in advance for any help.
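The quick-scan log above lists the three Security Center notification values the rogue flipped (PUM.Disabled.SecurityCenter) and its RunOnce entry, and the post describes the Security Center service refusing to start. The following read-only check, added here and not part of the thread, verifies those points after cleanup; it assumes Windows PowerShell run elevated, and the service names wscsvc (Security Center) and WinDefend (Windows Defender) are the standard ones, not taken from the thread.

```powershell
# Added example, not from the thread: read-only post-cleanup checks for the symptoms above.
# Assumes Windows PowerShell (elevated). Service names wscsvc / WinDefend are the standard
# Windows names and are an assumption of this script, not something the thread states.

# 1. Services that the poster reports as not starting: they should exist, be Automatic and run.
$services = @{ wscsvc = 'Security Center'; WinDefend = 'Windows Defender' }
foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Output ("{0} ({1}): service registration is missing" -f $name, $services[$name])
        continue
    }
    # Start values: 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -Name Start).Start
    Write-Output ("{0} ({1}): status={2} start={3}" -f $name, $services[$name], $svc.Status, $start)
    if ($start -eq 4) {
        Write-Output "  -> start type is Disabled; on a healthy system it is Automatic (2)"
    }
}

# 2. Notification switches under HKLM\SOFTWARE\Microsoft\Security Center (the three values
#    Malwarebytes reported). A value of 1 suppresses the corresponding warning balloon.
$scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($valueName in 'FirewallDisableNotify', 'UpdatesDisableNotify', 'AntiVirusDisableNotify') {
    $val = (Get-ItemProperty -Path $scKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $val)  { $state = 'not set (default: notifications on)' }
    elseif ($val -eq 0)  { $state = 'notifications on' }
    else                 { $state = 'notifications SUPPRESSED' }
    Write-Output ("{0} = {1} -> {2}" -f $valueName, $val, $state)
}

# 3. Leftovers of the rogue's persistence: the RunOnce value and ProgramData folder named in
#    the quick-scan log above (the identifier is copied from that log).
$rogueId = 'B7E8586E002691CF000061E3570F1C8B'
$runOnce = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' -ErrorAction SilentlyContinue
if ($runOnce -and ($runOnce.PSObject.Properties.Name -contains $rogueId)) {
    Write-Output "RunOnce entry $rogueId is still present"
} else {
    Write-Output "RunOnce entry $rogueId is not present"
}
$rogueDir = Join-Path $env:ProgramData $rogueId
if (Test-Path $rogueDir) { Write-Output "Folder $rogueDir still exists" }
else                     { Write-Output "Folder $rogueDir is absent" }

# 4. What the Service Control Manager logged about the services that would not start.
Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 300 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Security Center|wscsvc|Windows Defender|WinDefend' } |
    Select-Object TimeGenerated, EntryType, Message |
    Format-List
```

The script changes nothing; a Start value of 4 on wscsvc or a still-present RunOnce entry is what the helper would want to see reported before deciding on the next step.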

30.04.2012, 13:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


01.05.2012, 00:10   #3
Tatzelveln
 



The scan is finished, here is the log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=827c3d26e495e64ba886122c7abe5e33
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-30 10:24:51
# local_time=2012-05-01 12:24:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 17206596 17206596 0 0
# compatibility_mode=5892 16776638 100 56 242353 173334393 0 0
# compatibility_mode=8192 67108863 100 0 291 291 0 0
# scanned=401523
# found=1
# cleaned=0
# scan_time=14203
C:\Users\Wolfgang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33RGCFD9\stream[2].htm	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
         
It also pointed out to me that Windows Defender is still enabled and may be "in the way", but since that is not working at all for me at the moment, there was not much I could do about it.
__________________

01.05.2012, 15:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Smart Fortress 2012 / security center switched off

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post logfiles in CODE tags

01.05.2012, 15:45   #5
Tatzelveln

Smart Fortress 2012 / security center switched off

Re 1.) Apart from the Security Center (which is switched off and which I cannot switch back on) and Windows Defender (nothing works there at all), basically everything works so far.

Re 2.) The only empty folder is the one for OpenOffice.org 3.1, although I also recently installed the new version 3.2, so it may also come from that.
The Startup folder contains only Secunia PSI Tray, but I installed that only after the virus infection and the removal by Malwarebytes. When I click on it, nothing happens though.


01.05.2012, 16:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Smart Fortress 2012 / security center switched off

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And then it looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, the box carries the corresponding German label
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
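Once the OTL.txt comes back, the lines a helper reads first are the autorun entries (O4, MsConfig), the Explorer policies (O6/O7), the Winlogon Shell and UserInit values (O20), the MountPoints2 autorun commands (O33) and the SafeBoot driver list. The Python script below is an added example, not part of this thread and not an OTL feature: it runs a handful of such checks over OTL-format lines and returns findings with a severity. The rule names, severities and policy list are the example's own choices, the system directories assume %SystemRoot% = C:\Windows as the log header in this thread reports, and the sample lines are copied from the log posted in this thread except the second UserInit line, which is constructed to show a chained second program.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str      # short rule name
    line: str      # the OTL line that triggered the rule


# Policy values a rogue sets to blind the user: HideSCAHealth hides the Security Center
# tray icon, the others disable the tools used to investigate. Non-zero values are flagged.
RESTRICTIVE_POLICIES = {"HideSCAHealth", "DisableTaskMgr", "DisableRegistryTools", "NoRun"}

# Genuine Winlogon values. The system directories assume %SystemRoot% = C:\Windows (from the log header).
WINLOGON_EXPECTED = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\sysnative", r"c:\windows\syswow64"}

# One pattern per OTL line type looked at here (":64bit" marks the 64-bit registry view).
O4_RE = re.compile(r"^O4(?::64bit:)? - .*?\\Run: \[(.*?)\]\s*(.*)$")
MSCONFIG_RE = re.compile(r"^MsConfig(?::64bit)? - StartUpReg: (.+?) - hkey= - key= - (.*)$")
POLICY_RE = re.compile(r"^O[67](?::64bit:)? - .*\\policies\\\w+: (\w+) = (\d+)$")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*)$")
MOUNTPOINT_RE = re.compile(r"^O33 - MountPoints2\\.*\\Shell\\AutoRun\\command - ")
SAFEBOOT_RE = re.compile(r"^SafeBoot(?:Min|Net)(?::64bit)?: (\S+) - Driver$")


def strip_company(target: str) -> str:
    """OTL appends ' (Company Name)' to every path; drop it without breaking 'Program Files (x86)'."""
    return target.rsplit(" (", 1)[0]


def check_autorun(line: str) -> Finding | None:
    m = O4_RE.match(line) or MSCONFIG_RE.match(line)
    if not m:
        return None
    name, target = m.group(1).strip(), m.group(2).strip()
    if not name or target.endswith("File not found"):
        return Finding("low", "orphaned-autorun", line)  # dead entry, often what a cleaner left behind
    if strip_company(target).lower().endswith("rundll32.exe"):
        # OTL shows only the host binary; the DLL it loads sits in the registry value and must be read by hand
        return Finding("medium", "rundll32-autorun", line)
    return None


def check_policy(line: str) -> Finding | None:
    m = POLICY_RE.match(line)
    if m and m.group(1) in RESTRICTIVE_POLICIES and m.group(2) != "0":
        return Finding("high", "restrictive-policy", line)
    return None


def check_winlogon(line: str) -> Finding | None:
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    key, raw, resolved = m.groups()
    entries = [e for e in re.split(r"\s*,\s*", raw.strip()) if e]  # "userinit.exe,C:\evil.exe" chains a second program
    basename = entries[0].rsplit("\\", 1)[-1].lower() if entries else ""
    resolved_dir = strip_company(resolved).rsplit("\\", 1)[0].lower()
    if len(entries) != 1 or basename != WINLOGON_EXPECTED[key] or resolved_dir not in SYSTEM_DIRS:
        return Finding("high", "winlogon-tampered", line)
    return None


def check_mountpoint(line: str) -> Finding | None:
    if MOUNTPOINT_RE.match(line):
        return Finding("low", "removable-autorun", line)  # cached autorun command of a removable drive
    return None


def check_safeboot(line: str) -> Finding | None:
    m = SAFEBOOT_RE.match(line)
    if m and re.fullmatch(r"\d+\.sys", m.group(1), re.IGNORECASE):
        # a driver known only by a number carries no vendor hint; locate the file and check its signature
        return Finding("medium", "unnamed-safeboot-driver", line)
    return None


RULES = (check_autorun, check_policy, check_winlogon, check_mountpoint, check_safeboot)


def triage(log_text: str) -> list[Finding]:
    """Apply the first matching rule to every line and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        for rule in RULES:
            f = rule(line.rstrip())
            if f:
                findings.append(f)
                break
    return findings


def summarize(findings: list[Finding]) -> dict:
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample lines: copied from the OTL log posted in this thread, except the second UserInit line,
# which is constructed to show a chained second program.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O7 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe,C:\Users\Public\svc.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: lonet - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SafeBootMin:64bit: 31640508.sys - Driver
SafeBootMin:64bit: Base - Driver Group
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:24} {f.line}")
```

Every hit is a pointer for manual checking, not a verdict: an orphaned entry is often what a cleaner left behind, a rundll32 entry has to be resolved to the DLL named in the registry value, and a digit-only SafeBoot driver has to be located on disk and checked before anything is removed.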

01.05.2012, 17:25   #7
Tatzelveln

Smart Fortress 2012 / security center switched off

Done, here is the log:

OTL Logfile:
Code:
OTL logfile created on: 01.05.2012 18:03:00 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Matthias\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,18 Gb Paging File | 6,54 Gb Available in Paging File | 79,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 35,80 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
 
Computer Name: EL-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.01 18:00:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.03.30 12:26:12 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.30 13:12:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.20 14:07:50 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.25 12:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.09.18 22:17:16 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 20:00:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.07 00:06:48 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.23 09:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.24 15:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006.11.22 09:12:00 | 000,275,456 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 2D 34 18 7C 31 CA 01  [binary data]
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\SearchScopes\{B95BBBC8-8E1F-4F2D-B95A-4C802F614257}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.10.02 20:23:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 01:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 12:12:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.10.02 20:23:46 | 000,000,000 | ---D | M]
 
[2009.09.09 20:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.04.26 13:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\hluc9alb.default\extensions
[2010.04.27 23:12:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\hluc9alb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.28 09:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.28 09:29:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.18 01:53:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.28 09:28:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 21:08:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 21:08:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 21:08:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 21:08:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 21:08:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 21:08:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Margaretha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.183.128.35 194.183.128.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F47CC9-50DD-494F-B229-41D27BA5A4B5}: DhcpNameServer = 194.183.128.35 194.183.128.36
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell - "" = AutoRun
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: lonet - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SoftAuto.exe - hkey= - key= - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: 31640508.sys - Driver
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 31640508.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 31640508.sys - Driver
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 31640508.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 18:00:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.04.30 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.30 20:22:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe
[2012.04.29 17:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.29 17:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.29 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.04.28 16:13:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\HpUpdate
[2012.04.28 16:12:59 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.04.28 11:41:56 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\platz!
[2012.04.28 11:36:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\dds.com
[2012.04.28 10:28:24 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Matthias\unetbootin-windows-568.exe
[2012.04.28 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.04.28 09:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.04.28 09:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.28 09:14:57 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Secunia PSI (BETA)
[2012.04.28 09:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.04.28 05:22:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.28 05:21:10 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\tdsskiller.exe
[2012.04.28 04:38:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.01 18:00:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2012.05.01 18:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.01 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.01 15:13:03 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 15:13:03 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 20:22:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Matthias\Desktop\esetsmartinstaller_enu.exe
[2012.04.29 17:29:26 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.28 16:17:28 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.04.28 12:48:07 | 000,002,640 | ---- | M] () -- C:\Users\Matthias\Desktop\Attach.zip
[2012.04.28 12:12:27 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.28 11:36:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\dds.com
[2012.04.28 11:36:04 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.04.28 11:34:40 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012.04.28 10:31:50 | 001,590,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.28 10:31:50 | 000,680,288 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.28 10:31:50 | 000,646,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.28 10:31:50 | 000,146,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.28 10:31:50 | 000,123,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.28 10:28:28 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Matthias\unetbootin-windows-568.exe
[2012.04.28 09:27:29 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.04.28 09:14:49 | 000,000,941 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.04.28 09:09:51 | 000,253,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.28 06:09:16 | 000,001,460 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps64.dat
[2012.04.28 05:49:29 | 000,001,356 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2012.04.28 05:21:11 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\tdsskiller.exe
[2012.04.28 04:56:08 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 04:16:25 | 000,000,220 | ---- | M] () -- C:\Users\Matthias\Desktop\Psychonauts.url
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 17:29:26 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.28 12:48:07 | 000,002,640 | ---- | C] () -- C:\Users\Matthias\Desktop\Attach.zip
[2012.04.28 11:36:04 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.04.28 11:34:39 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe
[2012.04.28 09:32:46 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.04.28 09:32:46 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.28 09:14:49 | 000,000,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.04.28 09:14:49 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.04.28 04:56:08 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 04:16:25 | 000,000,220 | ---- | C] () -- C:\Users\Matthias\Desktop\Psychonauts.url
[2011.12.26 04:44:14 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.27 14:46:49 | 011,165,696 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Sandra.mdb
[2011.08.24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.06.02 19:17:48 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI
[2011.06.02 19:17:48 | 000,000,341 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2011.06.02 19:17:36 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2011.03.26 17:41:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.03.26 16:57:47 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011.03.18 11:17:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 17:43:18 | 000,001,356 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.11.18 15:20:02 | 000,000,278 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010.05.27 18:01:56 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
 
========== LOP Check ==========
 
[2010.03.18 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010.03.30 20:33:05 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\NwDocx
[2009.09.14 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org
[2011.04.28 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Sony
[2009.09.17 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\Margaretha\AppData\Roaming\OpenOffice.org
[2009.12.20 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2012.03.29 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent
[2010.11.16 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite
[2010.03.19 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dragon Age Toolset
[2010.05.21 23:50:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FOG Downloader
[2009.10.07 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro
[2010.06.02 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\LG Electronics
[2009.09.14 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2009.10.22 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit
[2011.07.13 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony
[2010.03.18 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup
[2010.05.20 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tuige
[2011.07.25 23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm
[2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xyky
[2011.08.27 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Amazon
[2009.09.27 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\OpenOffice.org
[2009.10.09 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Orbit
[2010.04.10 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Sony
[2012.05.01 02:17:59 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.09.26 17:53:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2009.12.20 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2010.06.28 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Apple Computer
[2011.03.18 11:30:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ATI
[2011.10.14 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avira
[2012.03.29 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent
[2010.08.01 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Creative
[2010.11.16 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite
[2010.03.19 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dragon Age Toolset
[2012.03.18 18:32:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\dvdcss
[2010.05.21 23:50:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FOG Downloader
[2009.10.07 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro
[2009.12.07 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HP
[2012.04.28 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HpUpdate
[2009.09.09 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities
[2010.06.02 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\InstallShield
[2010.06.02 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\LG Electronics
[2009.09.10 14:19:19 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2011.09.12 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2009.09.09 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic
[2010.12.08 15:24:55 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2011.10.13 03:18:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\mIRC
[2009.09.09 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2009.09.14 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2009.10.22 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit
[2010.02.19 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Real
[2009.09.15 14:38:08 | 000,000,000 | RH-D | M] -- C:\Users\Matthias\AppData\Roaming\SecuROM
[2011.07.13 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony
[2010.03.18 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup
[2010.05.20 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tuige
[2011.07.25 23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm
[2012.04.27 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\vlc
[2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xyky
 
< %APPDATA%\*.exe /s >
[2011.06.05 19:04:42 | 000,010,134 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2010.02.19 16:18:38 | 000,009,454 | R--- | M] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe
[2010.03.18 18:42:11 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Users\Matthias\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.13 17:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 680 bytes -> C:\Users\Matthias\Documents\WLAN-Modem.eml:OECustomProperty

< End of report >
         
--- --- ---
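The MD5 section of the OTL log above lists every copy of a core system binary (SysNative, SysWOW64 and the winsxs component store) next to its hash. Helpers read it to spot a system file that was patched in place, which keeps the size and timestamp but changes the hash. The script below is an added example for doing that comparison automatically; it is not part of the original post and not an OTL component. The sample log is constructed in the same format (two sections taken from this thread, a made-up SERVICES.EXE section with a mismatching copy, and shortened winsxs paths), and it assumes the winsxs component-store copy is the trusted reference.

```python
import re
from collections import defaultdict

# OTL "< MD5 for: NAME >" sections: one header line, then one line per copy found.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block in an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            # Any other "< ... >" header (lockedfiles, End of report) ends the current section.
            m = SECTION_RE.match(line)
            current = m.group("name").upper() if m else None
            continue
        if current is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        mtime, size, _attrs, _flag = (p.strip() for p in m.group("meta").split("|"))
        sections[current].append({
            "mtime": mtime,
            "size": int(size.replace(",", "")),
            "company": m.group("company"),
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "path": m.group("path"),
        })
    return dict(sections)


def find_anomalies(sections):
    """Flag copies of one binary that share size and timestamp but not MD5, plus
    entries with no version-info company name and entries OTL could not hash."""
    findings = []
    for name, entries in sections.items():
        groups = defaultdict(list)
        for e in entries:
            if e["md5"] is None:
                findings.append((name, "no-md5", e["path"]))
                continue
            if not e["company"]:
                findings.append((name, "no-company", e["path"]))
            groups[(e["mtime"], e["size"])].append(e)
        for same in groups.values():
            if len({e["md5"] for e in same}) < 2:
                continue
            # Assumption: the winsxs component-store copy is the trusted reference;
            # without one, every copy in the group is reported.
            reference = {e["md5"] for e in same if "\\winsxs\\" in e["path"].lower()}
            suspects = [e for e in same if e["md5"] not in reference] if reference else same
            for e in suspects:
                findings.append((name, "md5-mismatch", e["path"]))
    return findings


# Constructed sample: USERINIT/WINLOGON lines are from this thread, the SERVICES.EXE
# section and its placeholder hashes are made up, winsxs paths are shortened.
GOOD = "A" * 32
BAD = "B" * 32
SAMPLE_LOG = rf"""
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_userinit_shortened\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

< MD5 for: SERVICES.EXE  >
[2009.04.11 09:11:08 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5={BAD} -- C:\Windows\SysNative\services.exe
[2009.04.11 09:11:08 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5={GOOD} -- C:\Windows\winsxs\amd64_services_shortened\services.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.13 17:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< End of report >
"""

if __name__ == "__main__":
    for name, kind, path in find_anomalies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:14} {kind:13} {path}")
```

Feed it the full OTL.txt instead of SAMPLE_LOG to get the same report for a real log; a "no-company" hit is not by itself bad (the Malwarebytes Chameleon copy of winlogon.exe above is legitimate), but an "md5-mismatch" on a SysNative or SysWOW64 copy is exactly the patched-system-file case the section exists to expose.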

Old 01.05.2012, 18:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close any open programs, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O3 - HKU\S-1-5-21-1419767165-1224086374-814660101-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell - "" = AutoRun
O33 - MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2011.07.25 23:20:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\uqm
[2010.05.19 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xyky
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: the above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
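The [resethosts] command in the script above replaces the hosts file with a clean one. The script below is an added example, not part of this post and not an OTL feature: it audits a hosts file before such a reset, reporting names blackholed to a loopback address (the way rogue security products keep vendor and update sites unreachable), names redirected to a non-loopback address, and entries pushed below a long run of blank lines so they sit off-screen in Notepad. The sample hosts file is constructed with .test names and a documentation-range address, and the script assumes a stock Windows hosts file maps only "localhost".

```python
import ipaddress

# Assumption: a stock Windows hosts file maps only "localhost" (to 127.0.0.1 and ::1).
BASELINE_LOCAL_NAMES = {"localhost"}
# Rogue hosts files often push their entries below a long run of blank lines so the
# file looks empty in Notepad; flag anything that sits behind such a gap.
HIDDEN_GAP = 50


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) tuples for entries worth a look."""
    findings = []
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            blank_run += 1
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((lineno, parts[0], "", "unparseable address"))
            blank_run = 0
            continue
        if blank_run >= HIDDEN_GAP:
            findings.append((lineno, str(addr), " ".join(parts[1:]),
                             f"entry hidden behind {blank_run} blank lines"))
        blank_run = 0
        for host in parts[1:]:
            name = host.lower()
            if addr.is_loopback:
                if name not in BASELINE_LOCAL_NAMES:
                    findings.append((lineno, str(addr), name, "blackholed to loopback"))
            else:
                findings.append((lineno, str(addr), name, "redirected to non-loopback address"))
    return findings


# Constructed sample: two baseline lines, a 60-line gap, then a blackholed vendor
# site and a redirect to 203.0.113.7 (a documentation address), both made up.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 60
    + "127.0.0.1       www.example-av.test\n"
    "203.0.113.7     www.example-bank.test\n"
)

if __name__ == "__main__":
    for lineno, addr, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {addr} {host} -> {reason}")
```

Point it at C:\Windows\System32\drivers\etc\hosts (read it with an elevated prompt; a cleaned machine may still have the file locked for a reboot, as the OTL log in the next post shows) and keep the output with the other logs before the reset overwrites the evidence.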

Old 01.05.2012, 22:25   #9
Tatzelveln
 
On the first attempt I got a Blue Screen of Death; on the second everything worked at first, but OTL crashed at the end. On the third attempt everything worked; here is the log that opened after the restart.

Code:
 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1419767165-1224086374-814660101-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edac4e-1d5f-11e0-9292-c66cc66dd9f4}\ not found.
File K:\LaunchU3.exe -a not found.
Folder C:\Users\Matthias\AppData\Roaming\uqm\ not found.
Folder C:\Users\Matthias\AppData\Roaming\Xyky\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: Christina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Margaretha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Matthias
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1638400 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6685274 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
User: Wolfgang
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 675385908 bytes
->Flash cache emptied: 841 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 10763472 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 455543792 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.097,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Christina
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Margaretha
->Flash cache emptied: 0 bytes
 
User: Matthias
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Wolfgang
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05012012_231410

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SETD2DA.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETDF2D.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Old 02.05.2012, 13:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Finally I also installed and ran tdsskiller. There was one more detection, on which I clicked "Delete"; maybe that's where the error lies.
Where is the log from TDSSKiller?
This tool is NOT a toy! That is why I always give a correspondingly clear warning when it is to be run; you must not simply delete everything across the board when it finds something suspicious!
__________________
Please always post logfiles in CODE tags
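TDSSKiller writes a "<name> - ok" pair for every driver and service it looked at, so the few entries that matter, those with any verdict other than ok, are easy to lose in a log of well over a thousand lines. The script below is an added example (not part of this post and not a Kaspersky tool) that pulls those entries out together with the hash and path from the preceding detail line, so they can be posted or looked up before anything is deleted. The sample log is constructed in the format shown in this thread; its non-ok verdict strings are made up, and the "Scan finished" end marker is assumed.

```python
import re

# Line layout seen in the log: "HH:MM:SS.mmmm <pid>\t<message>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+\d+\t(?P<msg>.*)$")
# Detail line: "<name>   (<md5>) <path>"     verdict line: "<name> - <verdict>"
DETAIL_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def triage_tdsskiller(text):
    """Return every scanned object whose verdict is not 'ok', with the hash and path
    from its detail line when the log gave one. Only the part after 'Scan started' is
    read, which skips the header (its 'Drive ... - Size:' line would otherwise look
    like a verdict); 'Scan finished' as the end marker is an assumption."""
    in_scan = False
    details = {}
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if msg == "Scan finished":
            in_scan = False
            continue
        if not in_scan:
            continue
        d = DETAIL_RE.match(msg)
        if d:
            details[d.group("name")] = (d.group("md5"), d.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if not v or v.group("verdict") == "ok":
            continue
        md5, path = details.get(v.group("name"), (None, None))
        findings.append({"time": m.group("ts"), "name": v.group("name"),
                         "verdict": v.group("verdict"), "md5": md5, "path": path})
    return findings


# Constructed sample in the thread's format. The first lines mirror the real log;
# "examplesvc" and the two non-ok verdict strings are made up for the demonstration.
SAMPLE_LOG = "\n".join([
    "05:21:30.0192 3736\tDrive \\Device\\Harddisk0\\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200",
    "05:21:35.0066 2672\tScan started",
    "05:21:35.0066 2672\tMode: Manual; ",
    "05:21:38.0520 2672\tACPI            (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys",
    "05:21:38.0520 2672\tACPI - ok",
    "05:21:39.0035 2672\tALLOW-IO - ok",
    "05:21:40.0000 2672\texamplesvc      (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\examplesvc.sys",
    "05:21:40.0001 2672\texamplesvc - detected Constructed.Sample (needs review)",
    "05:21:41.0000 2672\t\\Device\\Harddisk0\\DR0 - suspicious (constructed)",
    "05:21:42.0000 2672\tScan finished",
])

if __name__ == "__main__":
    for f in triage_tdsskiller(SAMPLE_LOG):
        print(f"{f['time']} {f['name']} -> {f['verdict']} [{f['md5']}] {f['path']}")
```

Run it over the TDSSKiller log from C:\ before answering the tool's prompt; an object with a hash and a path can be checked against the vendor's copy or a file-reputation service, while an entry without a detail line (a boot sector or a hidden object) is precisely the kind of find that the warning above says should be posted, not deleted on sight.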

Old 02.05.2012, 15:23   #11
Tatzelveln
 
Well, that really wasn't very smart of me. Lesson learned.

Here is the log:

Code:
 05:21:28.0779 3736	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
05:21:28.0847 3736	============================================================
05:21:28.0847 3736	Current date / time: 2012/04/28 05:21:28.0847
05:21:28.0847 3736	SystemInfo:
05:21:28.0847 3736	
05:21:28.0847 3736	OS Version: 6.0.6002 ServicePack: 2.0
05:21:28.0847 3736	Product type: Workstation
05:21:28.0847 3736	ComputerName: EL-PC
05:21:28.0847 3736	UserName: Matthias
05:21:28.0847 3736	Windows directory: C:\Windows
05:21:28.0847 3736	System windows directory: C:\Windows
05:21:28.0847 3736	Running under WOW64
05:21:28.0847 3736	Processor architecture: Intel x64
05:21:28.0847 3736	Number of processors: 4
05:21:28.0847 3736	Page size: 0x1000
05:21:28.0847 3736	Boot type: Normal boot
05:21:28.0847 3736	============================================================
05:21:30.0192 3736	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:21:30.0224 3736	============================================================
05:21:30.0224 3736	\Device\Harddisk0\DR0:
05:21:30.0224 3736	MBR partitions:
05:21:30.0224 3736	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
05:21:30.0224 3736	============================================================
05:21:30.0245 3736	C: <-> \Device\Harddisk0\DR0\Partition0
05:21:30.0245 3736	============================================================
05:21:30.0245 3736	Initialize success
05:21:30.0245 3736	============================================================
05:21:35.0066 2672	============================================================
05:21:35.0066 2672	Scan started
05:21:35.0066 2672	Mode: Manual; 
05:21:35.0066 2672	============================================================
05:21:38.0520 2672	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
05:21:38.0520 2672	ACPI - ok
05:21:38.0691 2672	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
05:21:38.0691 2672	AdobeFlashPlayerUpdateSvc - ok
05:21:38.0754 2672	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
05:21:38.0785 2672	adp94xx - ok
05:21:38.0816 2672	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
05:21:38.0816 2672	adpahci - ok
05:21:38.0848 2672	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
05:21:38.0848 2672	adpu160m - ok
05:21:38.0863 2672	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
05:21:38.0863 2672	adpu320 - ok
05:21:38.0895 2672	AeLookupSvc     (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
05:21:38.0910 2672	AeLookupSvc - ok
05:21:38.0941 2672	AFD             (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
05:21:38.0957 2672	AFD - ok
05:21:38.0957 2672	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
05:21:38.0957 2672	agp440 - ok
05:21:38.0973 2672	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
05:21:38.0988 2672	aic78xx - ok
05:21:39.0004 2672	ALG             (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
05:21:39.0004 2672	ALG - ok
05:21:39.0020 2672	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
05:21:39.0020 2672	aliide - ok
05:21:39.0035 2672	ALLOW-IO - ok
05:21:39.0191 2672	AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
05:21:39.0207 2672	AMD External Events Utility - ok
05:21:39.0207 2672	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
05:21:39.0207 2672	amdide - ok
05:21:39.0238 2672	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
05:21:39.0238 2672	AmdK8 - ok
05:21:43.0051 2672	amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
05:21:43.0285 2672	amdkmdag - ok
05:21:43.0535 2672	amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
05:21:43.0535 2672	amdkmdap - ok
05:21:43.0676 2672	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
05:21:43.0676 2672	AntiVirSchedulerService - ok
05:21:43.0801 2672	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
05:21:43.0801 2672	AntiVirService - ok
05:21:43.0848 2672	Appinfo         (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
05:21:43.0848 2672	Appinfo - ok
05:21:43.0895 2672	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
05:21:43.0895 2672	Apple Mobile Device - ok
05:21:44.0051 2672	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
05:21:44.0066 2672	arc - ok
05:21:44.0098 2672	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
05:21:44.0113 2672	arcsas - ok
05:21:44.0129 2672	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
05:21:44.0129 2672	AsyncMac - ok
05:21:44.0145 2672	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
05:21:44.0145 2672	atapi - ok
05:21:44.0191 2672	AtiHDAudioService (ffadd388d1e7f075857659928365d579) C:\Windows\system32\drivers\AtihdLH6.sys
05:21:44.0207 2672	AtiHDAudioService - ok
05:21:44.0254 2672	AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
05:21:44.0270 2672	AudioEndpointBuilder - ok
05:21:44.0270 2672	AudioSrv        (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
05:21:44.0270 2672	AudioSrv - ok
05:21:44.0301 2672	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
05:21:44.0301 2672	avgntflt - ok
05:21:44.0363 2672	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
05:21:44.0363 2672	avipbb - ok
05:21:44.0426 2672	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
05:21:44.0441 2672	avkmgr - ok
05:21:44.0473 2672	BFE             (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
05:21:44.0473 2672	BFE - ok
05:21:44.0535 2672	BITS            (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
05:21:44.0551 2672	BITS - ok
05:21:44.0598 2672	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
05:21:44.0598 2672	blbdrive - ok
05:21:44.0723 2672	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
05:21:44.0738 2672	Bonjour Service - ok
05:21:44.0926 2672	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
05:21:44.0941 2672	bowser - ok
05:21:44.0988 2672	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
05:21:45.0004 2672	BrFiltLo - ok
05:21:45.0004 2672	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
05:21:45.0004 2672	BrFiltUp - ok
05:21:45.0051 2672	Browser         (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
05:21:45.0066 2672	Browser - ok
05:21:45.0082 2672	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
05:21:45.0082 2672	Brserid - ok
05:21:45.0098 2672	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
05:21:45.0098 2672	BrSerWdm - ok
05:21:45.0113 2672	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
05:21:45.0113 2672	BrUsbMdm - ok
05:21:45.0113 2672	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
05:21:45.0113 2672	BrUsbSer - ok
05:21:45.0145 2672	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
05:21:45.0145 2672	BTHMODEM - ok
05:21:45.0160 2672	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
05:21:45.0176 2672	cdfs - ok
05:21:45.0191 2672	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
05:21:45.0191 2672	cdrom - ok
05:21:45.0223 2672	CertPropSvc     (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
05:21:45.0223 2672	CertPropSvc - ok
05:21:45.0238 2672	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
05:21:45.0238 2672	circlass - ok
05:21:45.0285 2672	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
05:21:45.0301 2672	CLFS - ok
05:21:45.0363 2672	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:21:45.0363 2672	clr_optimization_v2.0.50727_32 - ok
05:21:45.0488 2672	clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
05:21:45.0488 2672	clr_optimization_v2.0.50727_64 - ok
05:21:45.0770 2672	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:21:45.0801 2672	clr_optimization_v4.0.30319_32 - ok
05:21:45.0848 2672	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:21:45.0879 2672	clr_optimization_v4.0.30319_64 - ok
05:21:45.0910 2672	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
05:21:45.0910 2672	cmdide - ok
05:21:45.0910 2672	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
05:21:45.0926 2672	Compbatt - ok
05:21:45.0926 2672	COMSysApp - ok
05:21:45.0926 2672	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
05:21:45.0926 2672	crcdisk - ok
05:21:46.0191 2672	CryptSvc        (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
05:21:46.0191 2672	CryptSvc - ok
05:21:46.0301 2672	CTDevice_Srv    (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
05:21:46.0301 2672	CTDevice_Srv - ok
05:21:46.0441 2672	CTUPnPSv        (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
05:21:46.0457 2672	CTUPnPSv - ok
05:21:46.0535 2672	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
05:21:46.0535 2672	DAUpdaterSvc - ok
05:21:46.0598 2672	DcomLaunch      (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
05:21:46.0598 2672	DcomLaunch - ok
05:21:46.0645 2672	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
05:21:46.0660 2672	DfsC - ok
05:21:47.0504 2672	DFSR            (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
05:21:47.0676 2672	DFSR - ok
05:21:48.0098 2672	Dhcp            (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
05:21:48.0098 2672	Dhcp - ok
05:21:48.0145 2672	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
05:21:48.0145 2672	disk - ok
05:21:48.0207 2672	Dnscache        (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
05:21:48.0207 2672	Dnscache - ok
05:21:48.0379 2672	dot3svc         (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
05:21:48.0395 2672	dot3svc - ok
05:21:48.0441 2672	Dot4            (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
05:21:48.0441 2672	Dot4 - ok
05:21:48.0473 2672	Dot4Print       (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
05:21:48.0473 2672	Dot4Print - ok
05:21:48.0488 2672	dot4usb         (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
05:21:48.0488 2672	dot4usb - ok
05:21:48.0520 2672	DPS             (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
05:21:48.0535 2672	DPS - ok
05:21:48.0551 2672	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
05:21:48.0566 2672	drmkaud - ok
05:21:48.0676 2672	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
05:21:48.0676 2672	DXGKrnl - ok
05:21:48.0723 2672	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
05:21:48.0738 2672	E1G60 - ok
05:21:48.0754 2672	EapHost         (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
05:21:48.0754 2672	EapHost - ok
05:21:48.0785 2672	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
05:21:48.0801 2672	Ecache - ok
05:21:48.0848 2672	ehRecvr         (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
05:21:48.0863 2672	ehRecvr - ok
05:21:48.0879 2672	ehSched         (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
05:21:48.0879 2672	ehSched - ok
05:21:48.0910 2672	ehstart         (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
05:21:48.0910 2672	ehstart - ok
05:21:48.0941 2672	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
05:21:48.0957 2672	elxstor - ok
05:21:49.0082 2672	EMDMgmt         (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
05:21:49.0098 2672	EMDMgmt - ok
05:21:49.0113 2672	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
05:21:49.0113 2672	ErrDev - ok
05:21:49.0145 2672	EventSystem     (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
05:21:49.0145 2672	EventSystem - ok
05:21:49.0191 2672	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
05:21:49.0191 2672	exfat - ok
05:21:49.0223 2672	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
05:21:49.0223 2672	fastfat - ok
05:21:49.0238 2672	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
05:21:49.0238 2672	fdc - ok
05:21:49.0254 2672	fdPHost         (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
05:21:49.0254 2672	fdPHost - ok
05:21:49.0270 2672	FDResPub        (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
05:21:49.0270 2672	FDResPub - ok
05:21:49.0316 2672	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
05:21:49.0316 2672	FileInfo - ok
05:21:49.0332 2672	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
05:21:49.0332 2672	Filetrace - ok
05:21:49.0332 2672	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
05:21:49.0348 2672	flpydisk - ok
05:21:49.0363 2672	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
05:21:49.0379 2672	FltMgr - ok
05:21:49.0504 2672	FontCache       (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
05:21:49.0535 2672	FontCache - ok
05:21:49.0582 2672	FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:21:49.0582 2672	FontCache3.0.0.0 - ok
05:21:49.0629 2672	Fs_Rec          (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
05:21:49.0645 2672	Fs_Rec - ok
05:21:49.0645 2672	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
05:21:49.0660 2672	gagp30kx - ok
05:21:49.0676 2672	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
05:21:49.0676 2672	GEARAspiWDM - ok
05:21:49.0723 2672	gpsvc           (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
05:21:49.0754 2672	gpsvc - ok
05:21:49.0816 2672	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
05:21:49.0832 2672	HdAudAddService - ok
05:21:49.0895 2672	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:21:49.0895 2672	HDAudBus - ok
05:21:49.0941 2672	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
05:21:49.0941 2672	HidBth - ok
05:21:49.0957 2672	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
05:21:49.0973 2672	HidIr - ok
05:21:49.0988 2672	hidserv         (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
05:21:49.0988 2672	hidserv - ok
05:21:50.0004 2672	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
05:21:50.0004 2672	HidUsb - ok
05:21:50.0035 2672	hkmsvc          (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
05:21:50.0035 2672	hkmsvc - ok
05:21:50.0066 2672	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
05:21:50.0066 2672	HpCISSs - ok
05:21:50.0176 2672	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
05:21:50.0176 2672	hpqcxs08 - ok
05:21:50.0191 2672	hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
05:21:50.0191 2672	hpqddsvc - ok
05:21:50.0316 2672	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
05:21:50.0348 2672	HTTP - ok
05:21:50.0348 2672	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
05:21:50.0363 2672	i2omp - ok
05:21:50.0395 2672	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
05:21:50.0395 2672	i8042prt - ok
05:21:50.0426 2672	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
05:21:50.0426 2672	iaStorV - ok
05:21:50.0520 2672	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
05:21:50.0535 2672	IDriverT - ok
05:21:50.0707 2672	idsvc           (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:21:50.0738 2672	idsvc - ok
05:21:50.0754 2672	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
05:21:50.0770 2672	iirsp - ok
05:21:50.0816 2672	IKEEXT          (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
05:21:50.0832 2672	IKEEXT - ok
05:21:50.0910 2672	IntcAzAudAddService (5d33d5dad5eb0f81fac17d3e70dff1dd) C:\Windows\system32\drivers\RTKVHD64.sys
05:21:50.0941 2672	IntcAzAudAddService - ok
05:21:50.0973 2672	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
05:21:50.0973 2672	intelide - ok
05:21:50.0973 2672	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
05:21:50.0973 2672	intelppm - ok
05:21:51.0004 2672	IPBusEnum       (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
05:21:51.0004 2672	IPBusEnum - ok
05:21:51.0020 2672	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:21:51.0035 2672	IpFilterDriver - ok
05:21:51.0113 2672	iphlpsvc        (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
05:21:51.0113 2672	iphlpsvc - ok
05:21:51.0129 2672	IpInIp - ok
05:21:51.0145 2672	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
05:21:51.0145 2672	IPMIDRV - ok
05:21:51.0160 2672	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
05:21:51.0160 2672	IPNAT - ok
05:21:51.0270 2672	iPod Service    (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
05:21:51.0301 2672	iPod Service - ok
05:21:51.0301 2672	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
05:21:51.0316 2672	IRENUM - ok
05:21:51.0332 2672	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
05:21:51.0332 2672	isapnp - ok
05:21:51.0363 2672	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
05:21:51.0363 2672	iScsiPrt - ok
05:21:51.0379 2672	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
05:21:51.0379 2672	iteatapi - ok
05:21:51.0410 2672	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
05:21:51.0410 2672	iteraid - ok
05:21:51.0426 2672	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
05:21:51.0426 2672	kbdclass - ok
05:21:51.0426 2672	kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
05:21:51.0426 2672	kbdhid - ok
05:21:51.0457 2672	KeyIso          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
05:21:51.0457 2672	KeyIso - ok
05:21:51.0504 2672	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
05:21:51.0520 2672	KSecDD - ok
05:21:51.0551 2672	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
05:21:51.0551 2672	ksthunk - ok
05:21:51.0613 2672	KtmRm           (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
05:21:51.0613 2672	KtmRm - ok
05:21:51.0660 2672	LanmanServer    (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
05:21:51.0676 2672	LanmanServer - ok
05:21:51.0723 2672	LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
05:21:51.0723 2672	LanmanWorkstation - ok
05:21:51.0770 2672	Lbd             (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
05:21:51.0770 2672	Lbd - ok
05:21:51.0801 2672	libusb0 - ok
05:21:51.0801 2672	libusbd - ok
05:21:51.0816 2672	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
05:21:51.0832 2672	lltdio - ok
05:21:51.0879 2672	lltdsvc         (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
05:21:51.0879 2672	lltdsvc - ok
05:21:51.0910 2672	lmhosts         (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
05:21:51.0910 2672	lmhosts - ok
05:21:51.0926 2672	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
05:21:51.0926 2672	LSI_FC - ok
05:21:51.0941 2672	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
05:21:51.0957 2672	LSI_SAS - ok
05:21:51.0957 2672	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
05:21:51.0973 2672	LSI_SCSI - ok
05:21:51.0973 2672	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
05:21:51.0973 2672	luafv - ok
05:21:52.0066 2672	Mcx2Svc         (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
05:21:52.0066 2672	Mcx2Svc - ok
05:21:52.0129 2672	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
05:21:52.0129 2672	megasas - ok
05:21:52.0598 2672	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
05:21:52.0613 2672	MegaSR - ok
05:21:52.0707 2672	MMCSS           (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
05:21:52.0707 2672	MMCSS - ok
05:21:52.0723 2672	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
05:21:52.0723 2672	Modem - ok
05:21:52.0754 2672	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
05:21:52.0754 2672	monitor - ok
05:21:52.0770 2672	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
05:21:52.0770 2672	mouclass - ok
05:21:52.0770 2672	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
05:21:52.0770 2672	mouhid - ok
05:21:52.0785 2672	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
05:21:52.0785 2672	MountMgr - ok
05:21:52.0816 2672	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
05:21:52.0816 2672	mpio - ok
05:21:52.0832 2672	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
05:21:52.0848 2672	mpsdrv - ok
05:21:52.0926 2672	MpsSvc          (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
05:21:52.0926 2672	MpsSvc - ok
05:21:52.0957 2672	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
05:21:52.0973 2672	Mraid35x - ok
05:21:52.0988 2672	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
05:21:52.0988 2672	MRxDAV - ok
05:21:53.0020 2672	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:21:53.0020 2672	mrxsmb - ok
05:21:53.0051 2672	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:21:53.0051 2672	mrxsmb10 - ok
05:21:53.0066 2672	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:21:53.0066 2672	mrxsmb20 - ok
05:21:53.0082 2672	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
05:21:53.0098 2672	msahci - ok
05:21:53.0113 2672	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
05:21:53.0113 2672	msdsm - ok
05:21:53.0145 2672	MSDTC           (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
05:21:53.0145 2672	MSDTC - ok
05:21:53.0160 2672	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
05:21:53.0176 2672	Msfs - ok
05:21:53.0191 2672	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
05:21:53.0191 2672	msisadrv - ok
05:21:53.0223 2672	MSiSCSI         (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
05:21:53.0238 2672	MSiSCSI - ok
05:21:53.0238 2672	msiserver - ok
05:21:53.0254 2672	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
05:21:53.0254 2672	MSKSSRV - ok
05:21:53.0270 2672	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
05:21:53.0270 2672	MSPCLOCK - ok
05:21:53.0285 2672	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
05:21:53.0285 2672	MSPQM - ok
05:21:53.0348 2672	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
05:21:53.0363 2672	MsRPC - ok
05:21:53.0379 2672	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
05:21:53.0379 2672	mssmbios - ok
05:21:53.0473 2672	MSSQL$BWDATOOLSET - ok
05:21:53.0520 2672	MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
05:21:53.0535 2672	MSSQLServerADHelper - ok
05:21:53.0535 2672	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
05:21:53.0535 2672	MSTEE - ok
05:21:53.0598 2672	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
05:21:53.0598 2672	Mup - ok
05:21:53.0691 2672	napagent        (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
05:21:53.0691 2672	napagent - ok
05:21:53.0754 2672	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
05:21:53.0754 2672	NativeWifiP - ok
05:21:53.0816 2672	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
05:21:53.0832 2672	NDIS - ok
05:21:53.0832 2672	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
05:21:53.0832 2672	NdisTapi - ok
05:21:53.0848 2672	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
05:21:53.0848 2672	Ndisuio - ok
05:21:53.0895 2672	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
05:21:53.0895 2672	NdisWan - ok
05:21:53.0910 2672	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
05:21:53.0926 2672	NDProxy - ok
05:21:53.0957 2672	Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
05:21:53.0957 2672	Net Driver HPZ12 - ok
05:21:53.0957 2672	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
05:21:53.0957 2672	NetBIOS - ok
05:21:54.0004 2672	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
05:21:54.0004 2672	netbt - ok
05:21:54.0035 2672	Netlogon        (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
05:21:54.0035 2672	Netlogon - ok
05:21:54.0066 2672	Netman          (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
05:21:54.0066 2672	Netman - ok
05:21:54.0098 2672	netprofm        (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
05:21:54.0098 2672	netprofm - ok
05:21:54.0160 2672	netr7364        (b69d6bb680c85243af0263b3e01d5e77) C:\Windows\system32\DRIVERS\netr7364.sys
05:21:54.0191 2672	netr7364 - ok
05:21:54.0285 2672	NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:21:54.0285 2672	NetTcpPortSharing - ok
05:21:54.0316 2672	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
05:21:54.0316 2672	nfrd960 - ok
05:21:54.0348 2672	NlaSvc          (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
05:21:54.0348 2672	NlaSvc - ok
05:21:54.0363 2672	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
05:21:54.0363 2672	Npfs - ok
05:21:54.0379 2672	nsi             (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
05:21:54.0379 2672	nsi - ok
05:21:54.0395 2672	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
05:21:54.0395 2672	nsiproxy - ok
05:21:54.0598 2672	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
05:21:54.0645 2672	Ntfs - ok
05:21:54.0910 2672	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
05:21:54.0910 2672	Null - ok
05:21:54.0910 2672	nvlddmkm - ok
05:21:54.0941 2672	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
05:21:54.0957 2672	nvraid - ok
05:21:54.0973 2672	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
05:21:54.0973 2672	nvstor - ok
05:21:54.0988 2672	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
05:21:55.0004 2672	nv_agp - ok
05:21:55.0004 2672	NwlnkFlt - ok
05:21:55.0004 2672	NwlnkFwd - ok
05:21:55.0035 2672	ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
05:21:55.0035 2672	ohci1394 - ok
05:21:55.0129 2672	p2pimsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
05:21:55.0145 2672	p2pimsvc - ok
05:21:55.0160 2672	p2psvc          (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
05:21:55.0160 2672	p2psvc - ok
05:21:55.0191 2672	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
05:21:55.0207 2672	Parport - ok
05:21:55.0223 2672	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
05:21:55.0223 2672	partmgr - ok
05:21:55.0254 2672	PcaSvc          (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
05:21:55.0254 2672	PcaSvc - ok
05:21:55.0285 2672	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
05:21:55.0285 2672	pci - ok
05:21:55.0316 2672	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
05:21:55.0316 2672	pciide - ok
05:21:55.0348 2672	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
05:21:55.0348 2672	pcmcia - ok
05:21:55.0395 2672	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
05:21:55.0426 2672	PEAUTH - ok
05:21:55.0582 2672	PerfHost        (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
05:21:55.0582 2672	PerfHost - ok
05:21:55.0691 2672	pla             (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
05:21:55.0754 2672	pla - ok
05:21:55.0816 2672	PlugPlay        (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
05:21:55.0832 2672	PlugPlay - ok
05:21:55.0863 2672	Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
05:21:55.0863 2672	Pml Driver HPZ12 - ok
05:21:55.0926 2672	PNRPAutoReg     (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
05:21:55.0926 2672	PNRPAutoReg - ok
05:21:55.0941 2672	PNRPsvc         (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
05:21:55.0941 2672	PNRPsvc - ok
05:21:56.0066 2672	PolicyAgent     (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
05:21:56.0082 2672	PolicyAgent - ok
05:21:56.0254 2672	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
05:21:56.0254 2672	PptpMiniport - ok
05:21:56.0301 2672	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
05:21:56.0301 2672	Processor - ok
05:21:56.0332 2672	ProfSvc         (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
05:21:56.0348 2672	ProfSvc - ok
05:21:56.0410 2672	ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
05:21:56.0410 2672	ProtectedStorage - ok
05:21:56.0457 2672	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
05:21:56.0473 2672	PSched - ok
05:21:56.0535 2672	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
05:21:56.0566 2672	ql2300 - ok
05:21:56.0582 2672	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
05:21:56.0598 2672	ql40xx - ok
05:21:56.0629 2672	QWAVE           (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
05:21:56.0629 2672	QWAVE - ok
05:21:56.0645 2672	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
05:21:56.0645 2672	QWAVEdrv - ok
05:21:56.0879 2672	RalinkRegistryWriter (e155e09229624c69a1a6609c0cb3641f) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
05:21:56.0879 2672	RalinkRegistryWriter - ok
05:21:56.0895 2672	RalinkRegistryWriter64 (42a952ca5f9de8fcec25307b19570bb9) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
05:21:56.0910 2672	RalinkRegistryWriter64 - ok
05:21:56.0926 2672	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
05:21:56.0926 2672	RasAcd - ok
05:21:56.0957 2672	RasAuto         (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
05:21:56.0957 2672	RasAuto - ok
05:21:56.0988 2672	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:21:56.0988 2672	Rasl2tp - ok
05:21:57.0020 2672	RasMan          (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
05:21:57.0035 2672	RasMan - ok
05:21:57.0066 2672	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
05:21:57.0082 2672	RasPppoe - ok
05:21:57.0098 2672	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
05:21:57.0098 2672	RasSstp - ok
05:21:57.0145 2672	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
05:21:57.0160 2672	rdbss - ok
05:21:57.0160 2672	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:21:57.0160 2672	RDPCDD - ok
05:21:57.0207 2672	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
05:21:57.0207 2672	rdpdr - ok
05:21:57.0207 2672	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
05:21:57.0223 2672	RDPENCDD - ok
05:21:57.0332 2672	RDPWD           (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
05:21:57.0348 2672	RDPWD - ok
05:21:57.0379 2672	RemoteAccess    (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
05:21:57.0379 2672	RemoteAccess - ok
05:21:57.0504 2672	RemoteRegistry  (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
05:21:57.0504 2672	RemoteRegistry - ok
05:21:57.0535 2672	RpcLocator      (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
05:21:57.0535 2672	RpcLocator - ok
05:21:58.0238 2672	RpcSs           (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
05:21:58.0238 2672	RpcSs - ok
05:21:58.0316 2672	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
05:21:58.0316 2672	rspndr - ok
05:21:58.0348 2672	SamSs           (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
05:21:58.0348 2672	SamSs - ok
05:21:58.0520 2672	SANDRA          (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys
05:21:58.0535 2672	SANDRA - ok
05:21:58.0566 2672	SandraAgentSrv  (0fbdf70e3a8623732efcdb9e56e79550) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
05:21:58.0582 2672	SandraAgentSrv - ok
05:21:58.0598 2672	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
05:21:58.0613 2672	sbp2port - ok
05:21:58.0629 2672	SCardSvr        (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
05:21:58.0645 2672	SCardSvr - ok
05:21:59.0317 2672	Schedule        (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
05:21:59.0349 2672	Schedule - ok
05:21:59.0396 2672	SCPolicySvc     (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
05:21:59.0396 2672	SCPolicySvc - ok
05:21:59.0552 2672	SDRSVC          (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
05:21:59.0567 2672	SDRSVC - ok
05:21:59.0599 2672	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
05:21:59.0599 2672	secdrv - ok
05:21:59.0614 2672	seclogon        (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
05:21:59.0614 2672	seclogon - ok
05:21:59.0630 2672	SENS            (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
05:21:59.0646 2672	SENS - ok
05:21:59.0661 2672	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
05:21:59.0677 2672	Serenum - ok
05:21:59.0692 2672	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
05:21:59.0692 2672	Serial - ok
05:21:59.0708 2672	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
05:21:59.0708 2672	sermouse - ok
05:21:59.0724 2672	SessionEnv      (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
05:21:59.0739 2672	SessionEnv - ok
05:21:59.0739 2672	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
05:21:59.0739 2672	sffdisk - ok
05:21:59.0739 2672	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
05:21:59.0755 2672	sffp_mmc - ok
05:21:59.0755 2672	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
05:21:59.0755 2672	sffp_sd - ok
05:21:59.0755 2672	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
05:21:59.0771 2672	sfloppy - ok
05:21:59.0817 2672	SharedAccess    (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
05:21:59.0833 2672	SharedAccess - ok
05:21:59.0911 2672	ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
05:21:59.0911 2672	ShellHWDetection - ok
05:21:59.0927 2672	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
05:21:59.0942 2672	SiSRaid2 - ok
05:21:59.0958 2672	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
05:21:59.0958 2672	SiSRaid4 - ok
05:22:00.0599 2672	slsvc           (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
05:22:00.0692 2672	slsvc - ok
05:22:01.0364 2672	SLUINotify      (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
05:22:01.0380 2672	SLUINotify - ok
05:22:01.0411 2672	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
05:22:01.0427 2672	Smb - ok
05:22:01.0458 2672	SNMPTRAP        (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
05:22:01.0458 2672	SNMPTRAP - ok
05:22:01.0489 2672	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
05:22:01.0489 2672	spldr - ok
05:22:01.0567 2672	Spooler         (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
05:22:01.0583 2672	Spooler - ok
05:22:01.0646 2672	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
05:22:01.0646 2672	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
05:22:01.0646 2672	sptd ( LockedFile.Multi.Generic ) - warning
05:22:01.0646 2672	sptd - detected LockedFile.Multi.Generic (1)
05:22:02.0099 2672	SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
05:22:02.0114 2672	SQLBrowser - ok
05:22:02.0208 2672	SQLWriter       (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
05:22:02.0224 2672	SQLWriter - ok
05:22:02.0302 2672	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
05:22:02.0317 2672	srv - ok
05:22:02.0349 2672	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
05:22:02.0364 2672	srv2 - ok
05:22:02.0380 2672	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
05:22:02.0380 2672	srvnet - ok
05:22:02.0411 2672	SSDPSRV         (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
05:22:02.0411 2672	SSDPSRV - ok
05:22:02.0458 2672	SstpSvc         (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
05:22:02.0458 2672	SstpSvc - ok
05:22:02.0505 2672	Steam Client Service - ok
05:22:02.0583 2672	stisvc          (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
05:22:02.0599 2672	stisvc - ok
05:22:02.0614 2672	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
05:22:02.0614 2672	swenum - ok
05:22:02.0677 2672	swprv           (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
05:22:02.0692 2672	swprv - ok
05:22:02.0724 2672	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
05:22:02.0739 2672	Symc8xx - ok
05:22:02.0739 2672	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
05:22:02.0755 2672	Sym_hi - ok
05:22:02.0771 2672	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
05:22:02.0771 2672	Sym_u3 - ok
05:22:02.0833 2672	SysMain         (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
05:22:02.0849 2672	SysMain - ok
05:22:02.0880 2672	TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
05:22:02.0880 2672	TabletInputService - ok
05:22:02.0927 2672	TapiSrv         (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
05:22:02.0927 2672	TapiSrv - ok
05:22:02.0958 2672	TBS             (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
05:22:02.0958 2672	TBS - ok
05:22:03.0474 2672	Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
05:22:03.0505 2672	Tcpip - ok
05:22:03.0817 2672	Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
05:22:03.0833 2672	Tcpip6 - ok
05:22:04.0052 2672	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
05:22:04.0067 2672	tcpipreg - ok
05:22:04.0083 2672	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
05:22:04.0099 2672	TDPIPE - ok
05:22:04.0114 2672	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
05:22:04.0114 2672	TDTCP - ok
05:22:04.0146 2672	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
05:22:04.0146 2672	tdx - ok
05:22:04.0177 2672	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
05:22:04.0192 2672	TermDD - ok
05:22:04.0286 2672	TermService     (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
05:22:04.0302 2672	TermService - ok
05:22:04.0458 2672	Themes          (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
05:22:04.0458 2672	Themes - ok
05:22:04.0567 2672	THREADORDER     (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
05:22:04.0567 2672	THREADORDER - ok
05:22:04.0614 2672	TrkWks          (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
05:22:04.0614 2672	TrkWks - ok
05:22:04.0739 2672	TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
05:22:04.0755 2672	TrustedInstaller - ok
05:22:04.0786 2672	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:22:04.0786 2672	tssecsrv - ok
05:22:04.0833 2672	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
05:22:04.0833 2672	tunmp - ok
05:22:04.0911 2672	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
05:22:04.0911 2672	tunnel - ok
05:22:04.0942 2672	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
05:22:04.0958 2672	uagp35 - ok
05:22:05.0239 2672	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
05:22:05.0255 2672	udfs - ok
05:22:05.0271 2672	UI0Detect       (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
05:22:05.0271 2672	UI0Detect - ok
05:22:05.0286 2672	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
05:22:05.0302 2672	uliagpkx - ok
05:22:05.0333 2672	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
05:22:05.0349 2672	uliahci - ok
05:22:05.0380 2672	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
05:22:05.0380 2672	UlSata - ok
05:22:05.0411 2672	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
05:22:05.0427 2672	ulsata2 - ok
05:22:05.0442 2672	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
05:22:05.0458 2672	umbus - ok
05:22:05.0474 2672	upnphost        (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
05:22:05.0474 2672	upnphost - ok
05:22:05.0536 2672	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
05:22:05.0536 2672	USBAAPL64 - ok
05:22:05.0614 2672	usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
05:22:05.0614 2672	usbbus - ok
05:22:05.0661 2672	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
05:22:05.0661 2672	usbccgp - ok
05:22:05.0692 2672	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
05:22:05.0692 2672	usbcir - ok
05:22:05.0692 2672	UsbDiag         (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
05:22:05.0708 2672	UsbDiag - ok
05:22:05.0739 2672	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
05:22:05.0739 2672	usbehci - ok
05:22:06.0177 2672	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
05:22:06.0192 2672	usbhub - ok
05:22:06.0224 2672	USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
05:22:06.0224 2672	USBModem - ok
05:22:06.0255 2672	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
05:22:06.0271 2672	usbohci - ok
05:22:06.0286 2672	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
05:22:06.0286 2672	usbprint - ok
05:22:06.0458 2672	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
05:22:06.0474 2672	usbscan - ok
05:22:06.0474 2672	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:22:06.0489 2672	USBSTOR - ok
05:22:06.0505 2672	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
05:22:06.0505 2672	usbuhci - ok
05:22:06.0536 2672	UxSms           (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
05:22:06.0536 2672	UxSms - ok
05:22:06.0630 2672	vds             (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
05:22:06.0630 2672	vds - ok
05:22:06.0677 2672	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
05:22:06.0677 2672	vga - ok
05:22:06.0708 2672	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
05:22:06.0708 2672	VgaSave - ok
05:22:06.0724 2672	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
05:22:06.0739 2672	viaide - ok
05:22:06.0755 2672	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
05:22:06.0755 2672	volmgr - ok
05:22:06.0802 2672	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
05:22:06.0817 2672	volmgrx - ok
05:22:06.0942 2672	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
05:22:06.0974 2672	volsnap - ok
05:22:07.0005 2672	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
05:22:07.0021 2672	vsmraid - ok
05:22:07.0192 2672	VSS             (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
05:22:07.0224 2672	VSS - ok
05:22:07.0380 2672	W32Time         (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
05:22:07.0380 2672	W32Time - ok
05:22:07.0427 2672	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
05:22:07.0427 2672	WacomPen - ok
05:22:07.0458 2672	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
05:22:07.0458 2672	Wanarp - ok
05:22:07.0474 2672	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
05:22:07.0474 2672	Wanarpv6 - ok
05:22:07.0505 2672	wcncsvc         (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
05:22:07.0536 2672	wcncsvc - ok
05:22:07.0567 2672	WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
05:22:07.0583 2672	WcsPlugInService - ok
05:22:07.0614 2672	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
05:22:07.0614 2672	Wd - ok
05:22:07.0677 2672	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
05:22:07.0692 2672	Wdf01000 - ok
05:22:07.0755 2672	WdiServiceHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
05:22:07.0755 2672	WdiServiceHost - ok
05:22:07.0771 2672	WdiSystemHost   (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
05:22:07.0771 2672	WdiSystemHost - ok
05:22:07.0786 2672	WebClient       (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
05:22:07.0786 2672	WebClient - ok
05:22:07.0864 2672	Wecsvc          (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
05:22:07.0864 2672	Wecsvc - ok
05:22:07.0880 2672	wercplsupport   (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
05:22:07.0880 2672	wercplsupport - ok
05:22:07.0896 2672	WerSvc          (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
05:22:07.0911 2672	WerSvc - ok
05:22:07.0942 2672	WinDefend - ok
05:22:07.0942 2672	WinHttpAutoProxySvc - ok
05:22:08.0005 2672	Winmgmt         (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
05:22:08.0005 2672	Winmgmt - ok
05:22:08.0271 2672	WinRM           (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
05:22:08.0333 2672	WinRM - ok
05:22:08.0521 2672	Wlansvc         (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
05:22:08.0536 2672	Wlansvc - ok
05:22:08.0708 2672	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:22:08.0755 2672	wlidsvc - ok
05:22:08.0849 2672	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
05:22:08.0849 2672	WmiAcpi - ok
05:22:08.0911 2672	wmiApSrv        (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
05:22:08.0927 2672	wmiApSrv - ok
05:22:08.0942 2672	WMPNetworkSvc - ok
05:22:08.0974 2672	WPCSvc          (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
05:22:08.0989 2672	WPCSvc - ok
05:22:09.0052 2672	WPDBusEnum      (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
05:22:09.0052 2672	WPDBusEnum - ok
05:22:09.0192 2672	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
05:22:09.0208 2672	WpdUsb - ok
05:22:09.0489 2672	WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:22:09.0505 2672	WPFFontCache_v0400 - ok
05:22:09.0536 2672	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
05:22:09.0536 2672	ws2ifsl - ok
05:22:09.0552 2672	wscsvc          (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
05:22:09.0552 2672	wscsvc - ok
05:22:09.0567 2672	WSearch - ok
05:22:09.0677 2672	wuauserv        (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
05:22:09.0724 2672	wuauserv - ok
05:22:09.0864 2672	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:22:09.0864 2672	WUDFRd - ok
05:22:09.0896 2672	wudfsvc         (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
05:22:09.0896 2672	wudfsvc - ok
05:22:09.0942 2672	yukonx64        (eac900019d31fd79d400ae8626da640d) C:\Windows\system32\DRIVERS\yk60x64.sys
05:22:09.0958 2672	yukonx64 - ok
05:22:09.0974 2672	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:22:10.0036 2672	\Device\Harddisk0\DR0 - ok
05:22:10.0036 2672	Boot (0x1200)   (86dfa5e1f432db283ad0f3cce4cd082f) \Device\Harddisk0\DR0\Partition0
05:22:10.0036 2672	\Device\Harddisk0\DR0\Partition0 - ok
05:22:10.0036 2672	============================================================
05:22:10.0036 2672	Scan finished
05:22:10.0036 2672	============================================================
05:22:10.0052 2988	Detected object count: 1
05:22:10.0052 2988	Actual detected object count: 1
05:22:23.0771 2988	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
05:22:23.0771 2988	HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
05:22:23.0802 2988	HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
05:22:24.0052 2988	C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
05:22:24.0052 2988	sptd ( LockedFile.Multi.Generic ) - User select action: Delete 
05:22:29.0505 2776	Deinitialize success
         

02.05.2012, 15:39   #12
cosinus
Quote:
C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
SPTD should be the driver that is installed, for example, by Daemon Tools.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a competent helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

02.05.2012, 19:51   #13
Tatzelveln
I had to uninstall Avira AntiVir before running ComboFix, since apparently it cannot be switched off completely. I reinstalled it after the scan finished, and lo and behold: the message that my Security Center is switched off no longer appears, and everything else there looks normal again too.
ComboFix restarted the computer; I then did another manual restart because Firefox could not find any page any more, and now everything works again.

Here is the log:

ComboFix logfile:
ComboFix 12-05-02.03 - Matthias 02.05.2012  19:49:40.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.4094.2630 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Matthias\AmazonMP3Installer-de_DE.exe
c:\users\Matthias\cjs2300GE.exe
c:\users\Matthias\Runaway.exe
c:\users\Matthias\tdsskiller.exe
c:\users\Matthias\unetbootin-windows-568.exe
c:\users\Matthias\uqm-0.7.0-installer.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-02 bis 2012-05-02  ))))))))))))))))))))))))))))))
.
.
2012-05-02 18:05 . 2012-05-02 18:22	--------	d-----w-	c:\users\Matthias\AppData\Local\temp
2012-05-02 18:05 . 2012-05-02 18:05	--------	d-----w-	c:\users\Wolfgang\AppData\Local\temp
2012-05-02 18:05 . 2012-05-02 18:05	--------	d-----w-	c:\users\Margaretha\AppData\Local\temp
2012-05-02 14:15 . 2012-05-02 14:15	--------	d-----w-	c:\users\Matthias\tdsskiller
2012-05-01 20:57 . 2012-05-01 20:57	--------	d-----w-	C:\_OTL
2012-04-30 18:23 . 2012-04-30 18:23	--------	d-----w-	c:\program files (x86)\ESET
2012-04-30 11:12 . 2012-04-30 11:12	8741536	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 15:28 . 2012-04-29 15:28	--------	d-----w-	c:\program files\iPod
2012-04-29 15:28 . 2012-04-29 15:29	--------	d-----w-	c:\program files\iTunes
2012-04-28 14:13 . 2012-04-28 14:25	--------	d-----w-	c:\users\Matthias\AppData\Roaming\HpUpdate
2012-04-28 14:12 . 2012-04-28 14:12	--------	d-----w-	c:\windows\Hewlett-Packard
2012-04-28 07:32 . 2012-04-28 07:32	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-04-28 07:29 . 2012-04-28 07:29	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-04-28 07:29 . 2012-04-28 07:28	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-28 07:29 . 2012-04-28 07:28	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-28 07:14 . 2012-04-28 07:14	--------	d-----w-	c:\users\Matthias\AppData\Local\Secunia PSI (BETA)
2012-04-28 07:14 . 2012-04-28 07:14	--------	d-----w-	c:\program files (x86)\Secunia
2012-04-28 03:22 . 2012-04-28 03:22	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-04-11 22:10 . 2012-02-29 15:37	219136	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 22:10 . 2012-02-29 15:35	78848	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 22:10 . 2012-02-29 15:11	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-11 22:10 . 2012-02-29 15:11	172032	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-11 22:10 . 2012-02-29 15:09	157696	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:03 . 2012-03-01 11:01	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 08:03 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 11:12 . 2012-03-29 09:53	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 11:12 . 2011-05-15 11:38	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-09-12 15:51	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18 . 2009-10-03 07:48	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 09:01 . 2012-02-15 09:01	52736	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 09:01 . 2012-02-15 09:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-14 16:49 . 2012-03-14 10:04	327680	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 10:04	196096	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 10:04	219648	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 10:04	160768	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 10:04	2002944	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 10:04	1172480	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 10:04	834048	----a-w-	c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 10:04	1555968	----a-w-	c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 10:04	683008	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 10:04	1068544	----a-w-	c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-3-30 562232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.183.128.35 194.183.128.36
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\hluc9alb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-31640508.sys
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1419767165-1224086374-814660101-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c1,73,af,40,43,7f,58,cc,91,49,5b,50,0d,35,06,f2,e9,10,91,0b,fb,
   a9,2f,a9,57,42,60,5b,97,33,15,02,57,35,23,c7,b3,a8,0c,07,fe,53,81,07,eb,77,\
"rkeysecu"=hex:8d,86,0b,e0,25,3b,bd,9a,ca,11,22,ed,85,05,19,d2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\Secunia\PSI\sua.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-02  20:32:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-02 18:32
.
Vor Suchlauf: 20 Verzeichnis(se), 41.596.309.504 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 43.015.397.376 Bytes frei
.
- - End Of File - - 42F3C599D33CF296A0844D3AEF6A10C6
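What a helper actually reads first in a ComboFix report like the one above are a handful of entries: the Security Center override values (the log shows AntiVirusOverride and FirewallOverride set to 1), the AppInit_DLLs state, the Run keys, and the Firefox user.js lines that switch security warnings off. The script below is an added example for this thread, not ComboFix's own code and not part of the original posts; it parses a constructed report excerpt in the same format (the "Updater" Run entry and the demo user path are made up) and lists those entries for review. A hit means "look at this", not "malware": the override values, for instance, are also written by some antivirus products, so the script only surfaces them and leaves the judgement to the reader.

```python
"""Triage of a ComboFix-style report.

Added example for this thread; it is not ComboFix's own code and the report
excerpt below is constructed (modelled on the format of the log above, with
a made-up "Updater" Run entry). It pulls out the entries a helper reads first:

  * Security Center AntiVirusOverride / FirewallOverride set to 1
  * AppInit_DLLs loading enabled or populated
  * Run entries that launch from a Temp directory
  * Firefox security.warn_* prefs forced to false in the profile

A hit means "look at this", not "malware": the override values, for example,
are also written by some antivirus products.
"""
import re
from typing import Dict, List, Optional

# Constructed sample in ComboFix's report format (not the log from the thread).
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Updater"="c:\users\demo\AppData\Local\Temp\xyz.exe" [2012-05-01 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# "Name"=value, optionally followed by ComboFix's "[date size]" annotation.
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)\s*(?:\[[^\]]*\])?\s*$')
FF_PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js: (\S+) - (.*?)\s*$")


def parse_registry_sections(report: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] path (lower-cased) to its "Name"=value pairs."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current][m.group(1)] = m.group(2)
    return sections


def parse_firefox_prefs(report: str) -> Dict[str, str]:
    """Collect the "FF - user.js/prefs.js: name - value" lines."""
    return {m.group(1): m.group(2)
            for m in map(FF_PREF_RE.match, report.splitlines()) if m}


def reg_int(value: str) -> Optional[int]:
    """Decode the integer forms ComboFix prints (dword:xxxxxxxx, 0x.., decimal)."""
    v = value.strip().strip('"').lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    if v.startswith("0x"):
        return int(v, 16)
    if v.isdigit():
        return int(v)
    return None


def triage(report: str) -> List[str]:
    """Return human-readable findings for the entries worth a second look."""
    findings: List[str] = []
    for path, values in parse_registry_sections(report).items():
        if path.endswith(r"\microsoft\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if name in values and reg_int(values[name]) == 1:
                    findings.append(f"Security Center: {name}=1 "
                                    "(WSC stops monitoring that component)")
        elif path.endswith(r"\windows nt\currentversion\windows"):
            if reg_int(values.get("LoadAppInit_DLLs", "0")) not in (0, None):
                findings.append("AppInit: LoadAppInit_DLLs is enabled")
            if values.get("AppInit_DLLs", "").strip('"'):
                findings.append(f"AppInit: AppInit_DLLs={values['AppInit_DLLs']}")
        elif path.endswith(r"\currentversion\run"):
            for name, value in values.items():
                exe = value.strip('"').lower()
                if "\\temp\\" in exe:
                    findings.append(f"Run: {name} starts from a Temp directory: {exe}")
    for name, value in parse_firefox_prefs(report).items():
        if name.startswith("security.warn_") and value.lower() == "false":
            findings.append(f"Firefox: {name} forced to false in the profile")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run against the constructed excerpt it reports the Temp-directory Run entry, both Security Center overrides and the two disabled Firefox warnings, and stays quiet on LoadAppInit_DLLs=0x0; to use it on a real report, pass the contents of C:\ComboFix.txt to triage() instead of SAMPLE_REPORT.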

02.05.2012, 20:17   #14
cosinus
Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without instructions. Note: should the Scan button be greyed out, close the tool and start it again. If it still does not work, please let me know.

One more note: should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

02.05.2012, 21:59   #15
Tatzelveln
So, the scan is finished; to be safe I removed Avira beforehand so there would be no problems at all.

aswMBR logfile:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 22:01:43
-----------------------------
22:01:43.393    OS Version: Windows x64 6.0.6002 Service Pack 2
22:01:43.393    Number of processors: 4 586 0x1707
22:01:43.393    ComputerName: EL-PC  UserName: 
22:01:45.596    Initialize success
22:04:09.613    AVAST engine defs: 12050200
22:04:30.469    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:04:30.484    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
22:04:30.484    Disk 0 MBR read successfully
22:04:30.484    Disk 0 MBR scan
22:04:30.500    Disk 0 Windows VISTA default MBR code
22:04:30.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476939 MB offset 2048
22:04:30.547    Disk 0 scanning C:\Windows\system32\drivers
22:04:41.469    Service scanning
22:04:42.719    Service ALLOW-IO D:\ALLOW-IO64.sys **LOCKED** 21
22:05:01.016    Modules scanning
22:05:01.016    Disk 0 trace - called modules:
22:05:01.047    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys 
22:05:01.063    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c41790]
22:05:01.063    3 CLASSPNP.SYS[fffffa6000dd1c33] -> nt!IofCallDriver -> [0xfffffa800496d930]
22:05:01.391    5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800499b940]
22:05:04.203    AVAST engine scan C:\Windows
22:05:21.844    AVAST engine scan C:\Windows\system32
22:11:28.938    AVAST engine scan C:\Windows\system32\drivers
22:11:49.250    AVAST engine scan C:\Users\Matthias
22:43:43.707    AVAST engine scan C:\ProgramData
22:45:52.567    Scan finished successfully
22:50:12.864    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
22:50:12.880    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"
