Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?

LBHS2174 · 03.06.2012, 06:07

Guten morgen

Ich hab mir auch diesen fiesen Verschlüsselungstrojaner eingefangen der die Dateien teilweise mit der Buchstabensuppe (z.B. QsEEUTODXNVqyssQ) umbenennt und teilweise die Dateien nur verschlüsselt ( Dateinamen sind also noch Original).
Bei allen Dateien die verschlüsselt sind (ich hab mir viele aber nicht alle angeschaut) steht als erstelldatum : 13.Februar 1601.
Das die Dateien momentan nicht zu entschlüsseln sind hab ich hier schon rauslesen können, darum geht es mir aber auch gar nicht.
Den PC hab ich wieder zum laufen bekommen ( Anti BOT CD aus der ComputerBild) und wollte jetzt nur sichergehen das das System zumindest wieder normal läuft.

OTL Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.06.2012 06:15:17 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Holger Schmid\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,57% Memory free
8,00 Gb Paging File | 6,35 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 69,51 Gb Free Space | 62,24% Space Free | Partition Type: NTFS
Drive E: | 327,54 Gb Total Space | 274,51 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
Drive F: | 592,25 Gb Total Space | 436,32 Gb Free Space | 73,67% Space Free | Partition Type: NTFS
Drive G: | 463,87 Gb Total Space | 196,61 Gb Free Space | 42,39% Space Free | Partition Type: NTFS
Drive H: | 467,64 Gb Total Space | 327,97 Gb Free Space | 70,13% Space Free | Partition Type: NTFS
Drive J: | 55,80 Gb Total Space | 3,38 Gb Free Space | 6,05% Space Free | Partition Type: NTFS
 
Computer Name: PISTENSAU | User Name: Holger Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Holger Schmid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Holger Schmid\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouafj9wz.dll (Parental Solutions Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 0C 79 9F CE BC CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 19:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 13:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 06:31:19 | 000,000,000 | ---D | M]
 
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.28 16:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions
[2011.12.08 07:53:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 05:47:30 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\quickstores@quickstores.de
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.04 05:11:29 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.05.28 16:59:10 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.05.06 12:26:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.11 12:39:30 | 000,055,163 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2012.03.23 09:57:15 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.04.25 19:46:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.17 06:30:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R285 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S6A66.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dysiczx.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27F4D42-929E-442E-B2FB-3A5DC3ED2FFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CDC2C9-2416-4E24-9FAF-E926774F71F7}: NameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell - "" = AutoRun
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 06:12:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 05:52:10 | 000,354,816 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.02 11:51:58 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Malwarebytes
[2012.06.02 11:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 11:51:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.01 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.05.31 21:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.31 20:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 2
[2012.05.31 20:24:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.31 20:02:19 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV DIGITAL - OnGuide
[2012.05.31 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV DIGITAL
[2012.05.31 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.05.31 17:58:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.31 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\DoctorWeb
[2012.05.24 12:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Holger Schmid\Documents\Runes of Magic
[2012.05.24 06:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.05.23 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.23 16:19:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.05.21 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TORCS
[2012.05.17 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
[2012.05.17 07:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex
[2012.05.12 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVR-Studio HD 2
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visagesoft
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2012.05.12 05:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks
[2012.05.12 05:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2011
[2012.05.09 04:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.06 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.06 12:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.06 12:21:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.06 12:21:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.04 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2012.05.04 16:24:01 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012.05.04 16:24:01 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012.05.04 16:24:01 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012.05.04 16:24:01 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2012.05.04 16:24:01 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012.05.04 16:24:01 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2012.05.04 16:24:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012.05.04 16:24:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012.05.04 16:24:01 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2012.05.04 16:24:01 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2012.05.04 16:19:02 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 06:12:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 06:12:07 | 000,000,000 | ---- | M] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.03 06:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 05:53:18 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 05:53:18 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 05:52:10 | 000,354,816 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.03 05:52:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.03 05:52:02 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.03 05:52:02 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.03 05:52:02 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.03 05:52:02 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.03 05:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 11:51:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | M] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.31 18:13:16 | 000,298,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.28 18:07:17 | 000,001,290 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.22 19:08:35 | 001,197,568 | ---- | M] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.19 15:02:17 | 000,001,053 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab Profile Editor.lnk
[2012.05.19 15:02:17 | 000,001,016 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab 8 Qt.lnk
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:58:49 | 000,000,741 | ---- | M] () -- C:\Windows\wiso.ini
[2012.05.12 05:49:40 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.08 18:06:30 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 18:06:30 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.05 06:52:18 | 000,000,079 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Local\CrystalDiskMark30.ini
[2012.05.04 16:27:53 | 000,000,750 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\mp3DirectCut.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.03 06:12:07 | 000,000,000 | ---- | C] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.02 11:51:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | C] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.28 18:07:17 | 000,001,290 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.19 09:48:38 | 001,197,568 | ---- | C] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:49:40 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:30 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2012.05.12 05:49:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.05 06:48:55 | 000,000,079 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Local\CrystalDiskMark30.ini
[2012.05.04 16:27:53 | 000,000,750 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\mp3DirectCut.lnk
[2012.05.04 16:24:01 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.01.01 00:08:48 | 000,000,548 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Roaming\burnaware.ini
[2011.11.16 10:23:32 | 000,001,571 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.11.16 10:23:32 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.11.14 17:38:13 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.11.11 11:10:28 | 000,720,896 | ---- | C] () -- C:\Windows\EAInstall.dll
[2011.10.01 13:33:02 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.11 10:25:48 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.09.04 09:15:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.04 09:15:46 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.06 17:46:50 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.05.06 17:46:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.05.06 17:46:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.05.06 17:46:50 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.05.06 17:46:50 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.05.06 17:46:50 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.05.06 17:46:50 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.05.06 17:46:50 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.05.06 17:46:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.05.06 17:46:50 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.05.06 17:46:50 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.05.06 17:46:50 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.05.06 17:46:50 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.05.06 17:46:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.05.06 17:46:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.05.06 17:46:06 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2011.04.08 17:54:29 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.03.29 16:03:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.30 07:32:01 | 000,000,741 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.27 21:47:42 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
 
========== LOP Check ==========
 
[2011.04.13 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\AnvSoft
[2012.05.19 08:30:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\App Launcher Gadget
[2012.03.04 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo
[2011.04.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo Cover Studio
[2012.05.04 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[2011.09.18 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\avidemux
[2011.01.30 07:32:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Buhl Data Service
[2011.01.28 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Canneverbe Limited
[2012.03.06 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoft
[2011.03.29 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.06 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Epson
[2011.11.11 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\FreeBurner
[2011.03.29 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\GetRightToGo
[2011.12.04 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\gtk-2.0
[2011.01.25 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Haenlein-Software
[2012.01.20 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\HandBrake
[2011.01.25 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ideazon
[2011.12.31 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InfraRecorder
[2011.01.25 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Leadertech
[2012.05.04 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2011.07.14 21:12:37 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\MyPhoneExplorer
[2011.11.09 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\NASNaviator2
[2011.04.28 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy
[2012.05.31 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.01.15 14:31:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\pdfforge
[2011.04.28 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Reviversoft
[2011.04.09 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Sony
[2011.01.25 23:27:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Thunderbird
[2012.05.06 12:49:53 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.28 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ubisoft
[2012.06.01 23:30:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.04.06 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\XMedia Recode
[2012.04.14 16:25:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Ach so...schon mal DANKE für eure Bemühungen

cosinus · 05.06.2012, 13:59

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

LBHS2174 · 05.06.2012, 18:02

So, Malwarebytes und ESET nach Anleitung durchgeführt.

Hier die Logs:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Holger Schmid :: PISTENSAU [Administrator]

Schutz: Aktiviert

05.06.2012 16:50:08
mbam-log-2012-06-05 (16-50-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415147
Laufzeit: 26 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f829be2633695d4bbc9f71c6beb48276
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 04:49:09
# local_time=2012-06-03 06:49:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17414594 17414594 0 0
# compatibility_mode=5893 16776573 100 94 87619 90328699 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=2836
# found=0
# cleaned=0
# scan_time=99
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251

cosinus · 05.06.2012, 19:49

Allgemeine Hinweise bzgl. des Verschlüsselungstrojaners:
Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer

es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html

LBHS2174 · 05.06.2012, 20:33

Danke für die Hinweise und die Hilfe. Wenn die Entschlüsselung irgendwann gehen sollte wäre es schön, aber ich hab zum Glück nicht allzuviel verloren.

Nochmal zur Sicherheit die Nachfrage: Momentan ist nichts negatives in den Logs zu entdecken? Oder soll ich noch irgendwelche Tools drüberlaufen lassen?
Ich Frage deshalb, weil ich dann wenigstens mal die Daten die der Virus nicht erwischt hat wegsichern könnte ohne mir die externe Festplatte zu versauen.

cosinus · 05.06.2012, 20:41

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

LBHS2174 · 06.06.2012, 04:30

So, hier das OTL Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.06.2012 05:16:28 - Run 3
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Holger Schmid\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,47% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 69,32 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive E: | 327,54 Gb Total Space | 274,46 Gb Free Space | 83,79% Space Free | Partition Type: NTFS
Drive F: | 592,25 Gb Total Space | 436,32 Gb Free Space | 73,67% Space Free | Partition Type: NTFS
Drive G: | 463,87 Gb Total Space | 196,61 Gb Free Space | 42,39% Space Free | Partition Type: NTFS
Drive H: | 467,64 Gb Total Space | 327,97 Gb Free Space | 70,13% Space Free | Partition Type: NTFS
Drive J: | 55,80 Gb Total Space | 3,38 Gb Free Space | 6,05% Space Free | Partition Type: NTFS
 
Computer Name: PISTENSAU | User Name: Holger Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Holger Schmid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Holger Schmid\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouafj9wz.dll (Parental Solutions Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\B339.tmp (Sophos Plc)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 0C 79 9F CE BC CB 01  [binary data]
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 19:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 13:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 06:31:19 | 000,000,000 | ---D | M]
 
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.06 05:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions
[2011.12.08 07:53:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.06.05 17:13:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 05:47:30 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\quickstores@quickstores.de
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.04 05:11:29 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.06.06 05:10:44 | 000,525,079 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.05.06 12:26:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.11 12:39:30 | 000,055,163 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2012.03.23 09:57:15 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.04.25 19:46:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.17 06:30:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2129583992-881626457-2875677441-1001..\Run: [EPSON Stylus Photo R285 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S6A66.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2129583992-881626457-2875677441-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2129583992-881626457-2875677441-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2129583992-881626457-2875677441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dysiczx.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\nspynhau.dll (Zeroconf)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27F4D42-929E-442E-B2FB-3A5DC3ED2FFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CDC2C9-2416-4E24-9FAF-E926774F71F7}: NameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell - "" = AutoRun
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - e:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: DnsCache - C:\Windows\SysNative\pouafj9wz.dll (Parental Solutions Inc.)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.05 14:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.06.05 14:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.06.05 05:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.06.05 05:27:45 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Local\Secunia PSI
[2012.06.05 05:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.06.03 06:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 06:41:32 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Holger Schmid\Desktop\esetsmartinstaller_enu.exe
[2012.06.03 06:12:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 05:52:10 | 000,354,816 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.02 11:51:58 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Malwarebytes
[2012.06.02 11:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 11:51:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.01 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.05.31 21:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.31 20:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 2
[2012.05.31 20:02:19 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV DIGITAL - OnGuide
[2012.05.31 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV DIGITAL
[2012.05.31 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.05.31 17:58:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.31 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\DoctorWeb
[2012.05.24 12:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Holger Schmid\Documents\Runes of Magic
[2012.05.24 06:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.05.23 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.23 16:19:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.05.21 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TORCS
[2012.05.17 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
[2012.05.17 07:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex
[2012.05.12 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVR-Studio HD 2
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visagesoft
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2012.05.12 05:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks
[2012.05.12 05:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2011
[2012.05.09 04:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 05:09:06 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 05:09:06 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 05:07:49 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.06 05:07:49 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.06 05:07:49 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.06 05:07:49 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.06 05:07:49 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 05:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 05:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.05 16:42:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Holger Schmid\Desktop\esetsmartinstaller_enu.exe
[2012.06.05 05:53:30 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.05 05:33:28 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.05 05:27:41 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.06.03 06:12:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 06:12:07 | 000,000,000 | ---- | M] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.03 05:52:10 | 000,354,816 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.02 11:51:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | M] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.31 18:13:16 | 000,298,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.28 18:07:17 | 000,001,290 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.22 19:08:35 | 001,197,568 | ---- | M] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.19 15:02:17 | 000,001,053 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab Profile Editor.lnk
[2012.05.19 15:02:17 | 000,001,016 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab 8 Qt.lnk
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:58:49 | 000,000,741 | ---- | M] () -- C:\Windows\wiso.ini
[2012.05.12 05:49:40 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.08 18:06:30 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 18:06:30 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.05 05:53:30 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.05 05:33:28 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.05 05:27:41 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.06.05 05:27:41 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.06.03 06:12:07 | 000,000,000 | ---- | C] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.02 11:51:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | C] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.28 18:07:17 | 000,001,290 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.19 09:48:38 | 001,197,568 | ---- | C] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:49:40 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:30 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2012.05.12 05:49:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.05 06:48:55 | 000,000,079 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Local\CrystalDiskMark30.ini
[2012.01.01 00:08:48 | 000,000,548 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Roaming\burnaware.ini
[2011.11.16 10:23:32 | 000,001,571 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.11.16 10:23:32 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.11.14 17:38:13 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.11.11 11:10:28 | 000,720,896 | ---- | C] () -- C:\Windows\EAInstall.dll
[2011.10.01 13:33:02 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.11 10:25:48 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.09.04 09:15:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.04 09:15:46 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.06 17:46:50 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.05.06 17:46:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.05.06 17:46:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.05.06 17:46:50 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.05.06 17:46:50 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.05.06 17:46:50 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.05.06 17:46:50 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.05.06 17:46:50 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.05.06 17:46:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.05.06 17:46:50 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.05.06 17:46:50 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.05.06 17:46:50 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.05.06 17:46:50 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.05.06 17:46:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.05.06 17:46:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.05.06 17:46:06 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2011.04.08 17:54:29 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.03.29 16:03:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.30 07:32:01 | 000,000,741 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.27 21:47:42 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
 
========== LOP Check ==========
 
[2011.04.13 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\AnvSoft
[2012.05.19 08:30:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\App Launcher Gadget
[2012.03.04 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo
[2011.04.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo Cover Studio
[2012.05.04 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[2011.09.18 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\avidemux
[2011.01.30 07:32:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Buhl Data Service
[2011.01.28 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Canneverbe Limited
[2012.03.06 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoft
[2011.03.29 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.06 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Epson
[2011.11.11 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\FreeBurner
[2011.03.29 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\GetRightToGo
[2011.12.04 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\gtk-2.0
[2011.01.25 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Haenlein-Software
[2012.01.20 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\HandBrake
[2011.01.25 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ideazon
[2011.12.31 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InfraRecorder
[2011.01.25 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Leadertech
[2012.05.04 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2011.07.14 21:12:37 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\MyPhoneExplorer
[2011.11.09 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\NASNaviator2
[2011.04.28 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy
[2012.05.31 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.01.15 14:31:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\pdfforge
[2011.04.28 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Reviversoft
[2011.04.09 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Sony
[2011.01.25 23:27:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Thunderbird
[2012.05.06 12:49:53 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.28 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ubisoft
[2012.06.01 23:30:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.04.06 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\XMedia Recode
[2012.04.14 16:25:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.20 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Adobe
[2011.04.13 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\AnvSoft
[2012.05.19 08:30:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\App Launcher Gadget
[2012.03.04 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo
[2011.04.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo Cover Studio
[2012.01.08 09:09:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\ATI
[2012.05.04 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[2011.09.18 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\avidemux
[2011.11.14 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Avira
[2011.01.30 07:32:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Buhl Data Service
[2011.01.28 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Canneverbe Limited
[2012.06.02 07:31:49 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\dvdcss
[2012.03.06 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoft
[2011.03.29 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.06 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Epson
[2011.11.11 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\FreeBurner
[2011.03.29 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\GetRightToGo
[2011.12.04 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\gtk-2.0
[2011.01.25 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Haenlein-Software
[2012.01.20 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\HandBrake
[2011.01.25 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ideazon
[2011.01.25 22:28:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Identities
[2011.12.31 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InfraRecorder
[2011.01.25 23:43:20 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InstallShield
[2012.03.20 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InstallShield Installation Information
[2011.01.25 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Leadertech
[2011.01.25 22:51:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Logishrd
[2011.01.25 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Logitech
[2011.01.26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Macromedia
[2012.06.02 11:51:58 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Media Center Programs
[2011.01.27 21:15:41 | 000,000,000 | --SD | M] -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft
[2011.01.25 22:47:14 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Mozilla
[2012.05.04 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2011.07.14 21:12:37 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\MyPhoneExplorer
[2011.11.09 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\NASNaviator2
[2012.01.07 23:18:38 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Nero
[2012.03.17 16:15:27 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\NVIDIA
[2011.04.28 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy
[2012.05.31 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.01.15 14:31:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\pdfforge
[2011.03.29 16:40:51 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Real
[2011.04.28 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Reviversoft
[2011.09.04 09:15:20 | 000,000,000 | RH-D | M] -- C:\Users\Holger Schmid\AppData\Roaming\SecuROM
[2011.04.09 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Sony
[2011.01.25 23:27:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Thunderbird
[2012.05.06 12:49:53 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.28 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ubisoft
[2011.11.20 09:46:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\vlc
[2012.05.04 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Winamp
[2012.06.01 23:30:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.04.06 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012.03.20 18:04:26 | 000,331,776 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
[2011.02.24 01:28:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.05.04 16:27:14 | 000,290,154 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Templates\mp3DC216.exe
[2011.04.28 08:28:07 | 000,416,160 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy\OpenCandy_96952218D9014FF09385AE5F7EA44837\LatestDLMgr.exe
[2011.02.09 20:34:30 | 000,059,688 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy\OpenCandy_96952218D9014FF09385AE5F7EA44837\RevStarter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2009.04.09 02:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB7xx\RAID\XP\ahcix86.sys
[2009.04.09 02:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\XP\ahcix86.sys
[2009.04.09 03:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB7xx\RAID\XP\ahcix86.sys
[2009.04.09 03:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\XP\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB7xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB7xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 23:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\RAID\XP\ahcix86.sys
[2011.03.15 23:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\RAID_svr\XP\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID_svr\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID_svr\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB7xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB7xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 23:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\XP\ahcix86.sys
[2011.03.15 23:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID_svr\XP\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\XP64A\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\XP\x86\ahcix86.sys
[2011.03.15 08:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB7xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB7xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.16 00:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\RAID\XP\ahcix86.sys
[2011.03.16 00:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\RAID_svr\XP\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID_svr\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID_svr\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB7xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB7xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.16 00:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\XP\ahcix86.sys
[2011.03.16 00:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID_svr\XP\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\AHCI\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\AHCI\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\XP64A\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\XP\x86\ahcix86.sys
[2011.03.15 09:23:04 | 000,217,680 | ---- | M] (Advanced Micro Devices, Inc) MD5=D431E477D83694987AC82E5F3F6BCF1A -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\XP64A\x86\ahcix86.sys
 
< MD5 for: AHCIX86S.SYS  >
[2009.07.14 14:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB7xx\RAID\W7\ahcix86s.sys
[2009.07.14 14:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
[2009.07.14 14:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID\W7\ahcix86s.sys
[2009.07.14 14:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\W7\ahcix86s.sys
[2009.07.14 14:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\W7\ahcix86s.sys
[2009.07.14 15:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB7xx\RAID\W7\ahcix86s.sys
[2009.07.14 15:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
[2009.07.14 15:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID\W7\ahcix86s.sys
[2009.07.14 15:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\W7\ahcix86s.sys
[2009.07.14 15:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\W7\ahcix86s.sys
[2009.07.07 18:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2009.07.07 18:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\RAID\LH\ahcix86s.sys
[2009.07.07 18:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID\LH\ahcix86s.sys
[2009.07.07 18:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\LH\ahcix86s.sys
[2009.07.07 18:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\LH\ahcix86s.sys
[2009.07.07 19:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2009.07.07 19:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\RAID\LH\ahcix86s.sys
[2009.07.07 19:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID\LH\ahcix86s.sys
[2009.07.07 19:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB7xx\RAID\LH\ahcix86s.sys
[2009.07.07 19:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID\LH\ahcix86s.sys
[2011.03.15 23:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB8xx\RAID_svr\LH\ahcix86s.sys
[2011.03.15 23:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv\SB9xx\RAID_svr\LH\ahcix86s.sys
[2011.03.15 23:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID_svr\LH\ahcix86s.sys
[2011.03.15 23:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\LH\ahcix86s.sys
[2011.03.16 00:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB8xx\RAID_svr\LH\ahcix86s.sys
[2011.03.16 00:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv\SB9xx\RAID_svr\LH\ahcix86s.sys
[2011.03.16 00:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB8xx\RAID_svr\LH\ahcix86s.sys
[2011.03.16 00:23:58 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=C65D1BADDBFC479F03DDA11AB460A899 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID_svr\LH\ahcix86s.sys
[2011.03.15 08:23:50 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=CF804500CC409B4BF0225DABC10C07D9 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\LH\ahcix86s.sys
[2011.03.15 08:23:50 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=CF804500CC409B4BF0225DABC10C07D9 -- C:\Program Files (x86)\MSI\Live Update 5\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\W7\ahcix86s.sys
[2011.03.15 09:23:50 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=CF804500CC409B4BF0225DABC10C07D9 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\LH\ahcix86s.sys
[2011.03.15 09:23:50 | 000,227,920 | ---- | M] (Advanced Micro Devices, Inc) MD5=CF804500CC409B4BF0225DABC10C07D9 -- C:\Windows\SysWOW64\Packages\Drivers\SBDrv_for_7695\SB9xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >

--- --- ---

cosinus · 06.06.2012, 12:57

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell - "" = AutoRun
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell\AutoRun\command - "" = I:\Startme.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

LBHS2174 · 06.06.2012, 14:49

So, Logfile nach dem Fix

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\ not found.
File I:\Startme.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Holger Schmid
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9127557 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1067548242 bytes
->Flash cache emptied: 1421 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 4848912 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 71489822 bytes
 
Total Files Cleaned = 1.100,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Holger Schmid
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06062012_154005

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 06.06.2012, 15:31

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

LBHS2174 · 06.06.2012, 19:52

Hier das TDSS-Killer Log:

Code:

ATTFilter

 19:43:11.0336 2784	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:43:11.0760 2784	============================================================
19:43:11.0760 2784	Current date / time: 2012/06/06 19:43:11.0760
19:43:11.0760 2784	SystemInfo:
19:43:11.0760 2784	
19:43:11.0760 2784	OS Version: 6.1.7601 ServicePack: 1.0
19:43:11.0760 2784	Product type: Workstation
19:43:11.0760 2784	ComputerName: PISTENSAU
19:43:11.0761 2784	UserName: Holger Schmid
19:43:11.0761 2784	Windows directory: C:\Windows
19:43:11.0761 2784	System windows directory: C:\Windows
19:43:11.0761 2784	Running under WOW64
19:43:11.0761 2784	Processor architecture: Intel x64
19:43:11.0761 2784	Number of processors: 6
19:43:11.0761 2784	Page size: 0x1000
19:43:11.0761 2784	Boot type: Normal boot
19:43:11.0761 2784	============================================================
19:43:11.0985 2784	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:11.0985 2784	Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:12.0006 2784	Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:12.0007 2784	Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:12.0030 2784	============================================================
19:43:12.0030 2784	\Device\Harddisk0\DR0:
19:43:12.0030 2784	MBR partitions:
19:43:12.0030 2784	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:43:12.0030 2784	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xDF61000
19:43:12.0030 2784	\Device\Harddisk1\DR1:
19:43:12.0030 2784	MBR partitions:
19:43:12.0030 2784	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:43:12.0030 2784	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x6F99F30
19:43:12.0030 2784	\Device\Harddisk2\DR2:
19:43:12.0030 2784	MBR partitions:
19:43:12.0030 2784	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x28F14000
19:43:12.0030 2784	\Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x2A684800, BlocksNum 0x4A081D70
19:43:12.0030 2784	\Device\Harddisk3\DR3:
19:43:12.0030 2784	MBR partitions:
19:43:12.0030 2784	\Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x39FBC000
19:43:12.0030 2784	\Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x39FBC800, BlocksNum 0x3A749000
19:43:12.0030 2784	============================================================
19:43:12.0032 2784	C: <-> \Device\Harddisk0\DR0\Partition1
19:43:12.0067 2784	E: <-> \Device\Harddisk2\DR2\Partition0
19:43:12.0110 2784	F: <-> \Device\Harddisk2\DR2\Partition1
19:43:12.0120 2784	G: <-> \Device\Harddisk3\DR3\Partition0
19:43:12.0143 2784	H: <-> \Device\Harddisk3\DR3\Partition1
19:43:12.0144 2784	J: <-> \Device\Harddisk1\DR1\Partition1
19:43:12.0144 2784	============================================================
19:43:12.0144 2784	Initialize success
19:43:12.0144 2784	============================================================
19:43:28.0365 2684	============================================================
19:43:28.0365 2684	Scan started
19:43:28.0365 2684	Mode: Manual; SigCheck; TDLFS; 
19:43:28.0365 2684	============================================================
19:43:28.0555 2684	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:43:28.0602 2684	1394ohci - ok
19:43:28.0614 2684	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:43:28.0629 2684	ACPI - ok
19:43:28.0633 2684	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:43:28.0653 2684	AcpiPmi - ok
19:43:28.0661 2684	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:43:28.0669 2684	AdobeARMservice - ok
19:43:28.0698 2684	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:43:28.0708 2684	AdobeFlashPlayerUpdateSvc - ok
19:43:28.0726 2684	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:43:28.0742 2684	adp94xx - ok
19:43:28.0755 2684	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:43:28.0769 2684	adpahci - ok
19:43:28.0777 2684	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:43:28.0788 2684	adpu320 - ok
19:43:28.0796 2684	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:43:28.0848 2684	AeLookupSvc - ok
19:43:28.0870 2684	Afc             (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
19:43:28.0892 2684	Afc - ok
19:43:28.0908 2684	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:43:28.0926 2684	AFD - ok
19:43:28.0930 2684	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:43:28.0940 2684	agp440 - ok
19:43:28.0945 2684	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:43:28.0958 2684	ALG - ok
19:43:28.0961 2684	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:43:28.0970 2684	aliide - ok
19:43:28.0974 2684	Alpham1         (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
19:43:28.0984 2684	Alpham1 - ok
19:43:28.0988 2684	Alpham2         (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
19:43:28.0997 2684	Alpham2 - ok
19:43:29.0000 2684	AMD FUEL Service - ok
19:43:29.0005 2684	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:43:29.0014 2684	amdide - ok
19:43:29.0019 2684	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:43:29.0027 2684	amdiox64 - ok
19:43:29.0033 2684	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:43:29.0044 2684	AmdK8 - ok
19:43:29.0048 2684	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:43:29.0058 2684	AmdPPM - ok
19:43:29.0063 2684	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:43:29.0073 2684	amdsata - ok
19:43:29.0082 2684	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:43:29.0094 2684	amdsbs - ok
19:43:29.0098 2684	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:43:29.0106 2684	amdxata - ok
19:43:29.0112 2684	amd_sata        (a1434f35b7b171cb697d74d33f7d029f) C:\Windows\system32\DRIVERS\amd_sata.sys
19:43:29.0120 2684	amd_sata - ok
19:43:29.0124 2684	amd_xata        (e9b5a82fa268bb2d1b012030d5f4e096) C:\Windows\system32\DRIVERS\amd_xata.sys
19:43:29.0132 2684	amd_xata - ok
19:43:29.0142 2684	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:43:29.0151 2684	AntiVirSchedulerService - ok
19:43:29.0157 2684	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:43:29.0166 2684	AntiVirService - ok
19:43:29.0170 2684	AODDriver4.01   (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:43:29.0179 2684	AODDriver4.01 - ok
19:43:29.0183 2684	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:43:29.0247 2684	AppID - ok
19:43:29.0251 2684	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:43:29.0280 2684	AppIDSvc - ok
19:43:29.0285 2684	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:43:29.0312 2684	Appinfo - ok
19:43:29.0318 2684	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:43:29.0330 2684	arc - ok
19:43:29.0335 2684	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:43:29.0345 2684	arcsas - ok
19:43:29.0348 2684	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:43:29.0377 2684	AsyncMac - ok
19:43:29.0381 2684	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:43:29.0391 2684	atapi - ok
19:43:29.0394 2684	AtiPcie         (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:43:29.0402 2684	AtiPcie - ok
19:43:29.0425 2684	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:43:29.0460 2684	AudioEndpointBuilder - ok
19:43:29.0466 2684	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:43:29.0497 2684	AudioSrv - ok
19:43:29.0505 2684	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:43:29.0514 2684	avgntflt - ok
19:43:29.0521 2684	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:43:29.0530 2684	avipbb - ok
19:43:29.0534 2684	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:43:29.0543 2684	avkmgr - ok
19:43:29.0550 2684	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:43:29.0565 2684	AxInstSV - ok
19:43:29.0582 2684	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:43:29.0598 2684	b06bdrv - ok
19:43:29.0610 2684	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:43:29.0624 2684	b57nd60a - ok
19:43:29.0631 2684	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:43:29.0643 2684	BDESVC - ok
19:43:29.0646 2684	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:43:29.0675 2684	Beep - ok
19:43:29.0699 2684	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:43:29.0733 2684	BFE - ok
19:43:29.0763 2684	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:43:29.0802 2684	BITS - ok
19:43:29.0809 2684	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:43:29.0819 2684	blbdrive - ok
19:43:29.0825 2684	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:43:29.0836 2684	bowser - ok
19:43:29.0839 2684	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:43:29.0851 2684	BrFiltLo - ok
19:43:29.0854 2684	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:43:29.0865 2684	BrFiltUp - ok
19:43:29.0871 2684	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:43:29.0900 2684	Browser - ok
19:43:29.0910 2684	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:43:29.0925 2684	Brserid - ok
19:43:29.0930 2684	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:43:29.0942 2684	BrSerWdm - ok
19:43:29.0946 2684	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:43:29.0958 2684	BrUsbMdm - ok
19:43:29.0961 2684	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:43:29.0971 2684	BrUsbSer - ok
19:43:29.0976 2684	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:43:29.0988 2684	BTHMODEM - ok
19:43:29.0995 2684	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:43:30.0024 2684	bthserv - ok
19:43:30.0030 2684	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:43:30.0059 2684	cdfs - ok
19:43:30.0066 2684	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:43:30.0078 2684	cdrom - ok
19:43:30.0084 2684	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:43:30.0112 2684	CertPropSvc - ok
19:43:30.0117 2684	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:43:30.0129 2684	circlass - ok
19:43:30.0142 2684	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:43:30.0157 2684	CLFS - ok
19:43:30.0163 2684	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:43:30.0172 2684	clr_optimization_v2.0.50727_32 - ok
19:43:30.0178 2684	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:43:30.0187 2684	clr_optimization_v2.0.50727_64 - ok
19:43:30.0197 2684	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:43:30.0210 2684	clr_optimization_v4.0.30319_32 - ok
19:43:30.0219 2684	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:43:30.0229 2684	clr_optimization_v4.0.30319_64 - ok
19:43:30.0232 2684	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:43:30.0242 2684	CmBatt - ok
19:43:30.0246 2684	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:43:30.0254 2684	cmdide - ok
19:43:30.0270 2684	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:43:30.0292 2684	CNG - ok
19:43:30.0296 2684	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:43:30.0304 2684	Compbatt - ok
19:43:30.0309 2684	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:43:30.0322 2684	CompositeBus - ok
19:43:30.0325 2684	COMSysApp - ok
19:43:30.0330 2684	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:43:30.0340 2684	crcdisk - ok
19:43:30.0352 2684	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:43:30.0381 2684	CryptSvc - ok
19:43:30.0402 2684	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:43:30.0436 2684	DcomLaunch - ok
19:43:30.0447 2684	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:43:30.0478 2684	defragsvc - ok
19:43:30.0559 2684	DevoloNetworkService (141673e69cfdcf0b1531616343223ee4) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
19:43:30.0609 2684	DevoloNetworkService - ok
19:43:30.0638 2684	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:43:30.0678 2684	DfsC - ok
19:43:30.0694 2684	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:43:30.0725 2684	Dhcp - ok
19:43:30.0729 2684	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:43:30.0758 2684	discache - ok
19:43:30.0764 2684	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:43:30.0774 2684	Disk - ok
19:43:30.0786 2684	Dnscache        (118fc5fb5d51aed43e9cb1d685d38b1c) C:\Windows\System32\pouafj9wz.dll
19:43:30.0795 2684	Dnscache ( UnsignedFile.Multi.Generic ) - warning
19:43:30.0795 2684	Dnscache - detected UnsignedFile.Multi.Generic (1)
19:43:30.0805 2684	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:43:30.0835 2684	dot3svc - ok
19:43:30.0843 2684	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:43:30.0873 2684	DPS - ok
19:43:30.0876 2684	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:43:30.0888 2684	drmkaud - ok
19:43:30.0921 2684	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:43:30.0946 2684	DXGKrnl - ok
19:43:30.0953 2684	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:43:30.0984 2684	EapHost - ok
19:43:31.0065 2684	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:43:31.0111 2684	ebdrv - ok
19:43:31.0133 2684	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:43:31.0145 2684	EFS - ok
19:43:31.0163 2684	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:43:31.0180 2684	elxstor - ok
19:43:31.0187 2684	EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
19:43:31.0197 2684	EPSON_PM_RPCV4_01 - ok
19:43:31.0201 2684	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:43:31.0211 2684	ErrDev - ok
19:43:31.0230 2684	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:43:31.0263 2684	EventSystem - ok
19:43:31.0272 2684	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:43:31.0303 2684	exfat - ok
19:43:31.0311 2684	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:43:31.0342 2684	fastfat - ok
19:43:31.0364 2684	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:43:31.0385 2684	Fax - ok
19:43:31.0389 2684	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:43:31.0399 2684	fdc - ok
19:43:31.0402 2684	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:43:31.0431 2684	fdPHost - ok
19:43:31.0434 2684	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:43:31.0461 2684	FDResPub - ok
19:43:31.0466 2684	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:43:31.0476 2684	FileInfo - ok
19:43:31.0480 2684	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:43:31.0507 2684	Filetrace - ok
19:43:31.0511 2684	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:43:31.0521 2684	flpydisk - ok
19:43:31.0532 2684	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:43:31.0545 2684	FltMgr - ok
19:43:31.0576 2684	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:43:31.0600 2684	FontCache - ok
19:43:31.0605 2684	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:43:31.0612 2684	FontCache3.0.0.0 - ok
19:43:31.0621 2684	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:43:31.0630 2684	FsDepends - ok
19:43:31.0634 2684	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:43:31.0644 2684	Fs_Rec - ok
19:43:31.0653 2684	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:43:31.0668 2684	fvevol - ok
19:43:31.0673 2684	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:43:31.0682 2684	gagp30kx - ok
19:43:31.0686 2684	ggflt           (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
19:43:31.0694 2684	ggflt - ok
19:43:31.0698 2684	ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
19:43:31.0706 2684	ggsemc - ok
19:43:31.0730 2684	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:43:31.0766 2684	gpsvc - ok
19:43:31.0770 2684	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:43:31.0781 2684	hcw85cir - ok
19:43:31.0794 2684	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:43:31.0810 2684	HdAudAddService - ok
19:43:31.0816 2684	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:43:31.0830 2684	HDAudBus - ok
19:43:31.0833 2684	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:43:31.0843 2684	HidBatt - ok
19:43:31.0849 2684	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:43:31.0861 2684	HidBth - ok
19:43:31.0866 2684	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:43:31.0878 2684	HidIr - ok
19:43:31.0882 2684	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:43:31.0910 2684	hidserv - ok
19:43:31.0914 2684	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:43:31.0923 2684	HidUsb - ok
19:43:31.0929 2684	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:43:31.0957 2684	hkmsvc - ok
19:43:31.0968 2684	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:43:31.0981 2684	HomeGroupListener - ok
19:43:31.0990 2684	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:43:32.0003 2684	HomeGroupProvider - ok
19:43:32.0008 2684	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:43:32.0019 2684	HpSAMD - ok
19:43:32.0046 2684	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:43:32.0083 2684	HTTP - ok
19:43:32.0086 2684	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:43:32.0095 2684	hwpolicy - ok
19:43:32.0100 2684	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:43:32.0110 2684	i8042prt - ok
19:43:32.0124 2684	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:43:32.0138 2684	iaStorV - ok
19:43:32.0165 2684	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:43:32.0185 2684	idsvc - ok
19:43:32.0190 2684	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:43:32.0200 2684	iirsp - ok
19:43:32.0226 2684	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:43:32.0262 2684	IKEEXT - ok
19:43:32.0361 2684	IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
19:43:32.0423 2684	IntcAzAudAddService - ok
19:43:32.0449 2684	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:43:32.0458 2684	intelide - ok
19:43:32.0462 2684	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:43:32.0473 2684	intelppm - ok
19:43:32.0478 2684	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:43:32.0508 2684	IPBusEnum - ok
19:43:32.0514 2684	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:43:32.0541 2684	IpFilterDriver - ok
19:43:32.0562 2684	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:43:32.0595 2684	iphlpsvc - ok
19:43:32.0600 2684	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:43:32.0611 2684	IPMIDRV - ok
19:43:32.0616 2684	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:43:32.0646 2684	IPNAT - ok
19:43:32.0649 2684	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:43:32.0663 2684	IRENUM - ok
19:43:32.0666 2684	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:43:32.0675 2684	isapnp - ok
19:43:32.0685 2684	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:43:32.0698 2684	iScsiPrt - ok
19:43:32.0702 2684	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:43:32.0712 2684	kbdclass - ok
19:43:32.0716 2684	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:43:32.0725 2684	kbdhid - ok
19:43:32.0729 2684	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:43:32.0738 2684	KeyIso - ok
19:43:32.0743 2684	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:43:32.0753 2684	KSecDD - ok
19:43:32.0760 2684	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:43:32.0771 2684	KSecPkg - ok
19:43:32.0774 2684	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:43:32.0803 2684	ksthunk - ok
19:43:32.0814 2684	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:43:32.0847 2684	KtmRm - ok
19:43:32.0857 2684	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:43:32.0888 2684	LanmanServer - ok
19:43:32.0894 2684	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:43:32.0923 2684	LanmanWorkstation - ok
19:43:32.0937 2684	LBTServ         (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:43:32.0950 2684	LBTServ - ok
19:43:32.0958 2684	LEqdUsb         (00ba093a3f316d43a4c3e098a96ae912) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
19:43:32.0967 2684	LEqdUsb - ok
19:43:32.0970 2684	LHidEqd         (3067cfad2baa4a208130cd0afb130bc9) C:\Windows\system32\DRIVERS\LHidEqd.Sys
19:43:32.0978 2684	LHidEqd - ok
19:43:32.0982 2684	LHidFilt        (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:43:32.0990 2684	LHidFilt - ok
19:43:32.0997 2684	LightScribeService (17203d81a68d9162db9022a1fc601778) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:43:33.0002 2684	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:43:33.0002 2684	LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:43:33.0007 2684	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:43:33.0035 2684	lltdio - ok
19:43:33.0045 2684	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:43:33.0076 2684	lltdsvc - ok
19:43:33.0080 2684	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:43:33.0107 2684	lmhosts - ok
19:43:33.0111 2684	LMouFilt        (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:43:33.0119 2684	LMouFilt - ok
19:43:33.0127 2684	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:43:33.0137 2684	LSI_FC - ok
19:43:33.0145 2684	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:33.0156 2684	LSI_SAS - ok
19:43:33.0161 2684	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:33.0171 2684	LSI_SAS2 - ok
19:43:33.0176 2684	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:33.0187 2684	LSI_SCSI - ok
19:43:33.0193 2684	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:43:33.0222 2684	luafv - ok
19:43:33.0227 2684	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:43:33.0236 2684	MBAMProtector - ok
19:43:33.0255 2684	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:43:33.0275 2684	MBAMService - ok
19:43:33.0279 2684	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:43:33.0289 2684	megasas - ok
19:43:33.0300 2684	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:33.0313 2684	MegaSR - ok
19:43:33.0317 2684	MEMSWEEP2 - ok
19:43:33.0323 2684	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:43:33.0351 2684	MMCSS - ok
19:43:33.0355 2684	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:43:33.0383 2684	Modem - ok
19:43:33.0387 2684	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:43:33.0400 2684	monitor - ok
19:43:33.0404 2684	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:43:33.0414 2684	mouclass - ok
19:43:33.0418 2684	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:43:33.0428 2684	mouhid - ok
19:43:33.0434 2684	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:43:33.0444 2684	mountmgr - ok
19:43:33.0452 2684	MozillaMaintenance (65f455520aeaaccfb1bdf47f8ab308ee) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:43:33.0462 2684	MozillaMaintenance - ok
19:43:33.0469 2684	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:43:33.0480 2684	mpio - ok
19:43:33.0485 2684	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:43:33.0514 2684	mpsdrv - ok
19:43:33.0542 2684	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:43:33.0579 2684	MpsSvc - ok
19:43:33.0586 2684	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:43:33.0601 2684	MRxDAV - ok
19:43:33.0607 2684	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:33.0619 2684	mrxsmb - ok
19:43:33.0630 2684	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:33.0643 2684	mrxsmb10 - ok
19:43:33.0649 2684	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:33.0660 2684	mrxsmb20 - ok
19:43:33.0664 2684	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
19:43:33.0673 2684	msahci - ok
19:43:33.0680 2684	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:43:33.0691 2684	msdsm - ok
19:43:33.0698 2684	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:43:33.0710 2684	MSDTC - ok
19:43:33.0718 2684	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:43:33.0745 2684	Msfs - ok
19:43:33.0748 2684	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:43:33.0775 2684	mshidkmdf - ok
19:43:33.0779 2684	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:43:33.0788 2684	msisadrv - ok
19:43:33.0795 2684	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:43:33.0824 2684	MSiSCSI - ok
19:43:33.0828 2684	msiserver - ok
19:43:33.0835 2684	MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
19:43:33.0845 2684	MSI_MSIBIOS_010507 - ok
19:43:33.0848 2684	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:43:33.0875 2684	MSKSSRV - ok
19:43:33.0879 2684	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:33.0906 2684	MSPCLOCK - ok
19:43:33.0909 2684	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:43:33.0937 2684	MSPQM - ok
19:43:33.0950 2684	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:43:33.0964 2684	MsRPC - ok
19:43:33.0970 2684	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:43:33.0979 2684	mssmbios - ok
19:43:33.0982 2684	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:43:34.0010 2684	MSTEE - ok
19:43:34.0013 2684	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:34.0022 2684	MTConfig - ok
19:43:34.0027 2684	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:43:34.0038 2684	Mup - ok
19:43:34.0053 2684	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:43:34.0087 2684	napagent - ok
19:43:34.0090 2684	NasPmService - ok
19:43:34.0102 2684	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:43:34.0119 2684	NativeWifiP - ok
19:43:34.0153 2684	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:43:34.0177 2684	NDIS - ok
19:43:34.0181 2684	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:34.0209 2684	NdisCap - ok
19:43:34.0213 2684	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:34.0240 2684	NdisTapi - ok
19:43:34.0245 2684	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:34.0271 2684	Ndisuio - ok
19:43:34.0280 2684	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:34.0308 2684	NdisWan - ok
19:43:34.0313 2684	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:43:34.0341 2684	NDProxy - ok
19:43:34.0345 2684	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:43:34.0373 2684	NetBIOS - ok
19:43:34.0384 2684	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:43:34.0414 2684	NetBT - ok
19:43:34.0418 2684	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:43:34.0427 2684	Netlogon - ok
19:43:34.0440 2684	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:43:34.0473 2684	Netman - ok
19:43:34.0491 2684	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:43:34.0525 2684	netprofm - ok
19:43:34.0532 2684	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:43:34.0542 2684	NetTcpPortSharing - ok
19:43:34.0546 2684	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:34.0556 2684	nfrd960 - ok
19:43:34.0568 2684	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:43:34.0598 2684	NlaSvc - ok
19:43:34.0606 2684	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:43:34.0634 2684	Npfs - ok
19:43:34.0656 2684	NPF_devolo      (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
19:43:34.0665 2684	NPF_devolo - ok
19:43:34.0669 2684	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:43:34.0697 2684	nsi - ok
19:43:34.0701 2684	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:43:34.0728 2684	nsiproxy - ok
19:43:34.0785 2684	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:43:34.0821 2684	Ntfs - ok
19:43:34.0827 2684	NTIOLib_1_0_4   (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
19:43:34.0836 2684	NTIOLib_1_0_4 - ok
19:43:34.0840 2684	NTIOLib_1_0_6   (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys
19:43:34.0847 2684	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
19:43:34.0847 2684	NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
19:43:34.0871 2684	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:43:34.0899 2684	Null - ok
19:43:34.0903 2684	nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:43:34.0912 2684	nusb3hub - ok
19:43:34.0920 2684	nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:43:34.0930 2684	nusb3xhc - ok
19:43:34.0938 2684	NVHDA           (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
19:43:34.0951 2684	NVHDA - ok
19:43:35.0306 2684	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:43:35.0529 2684	nvlddmkm - ok
19:43:35.0563 2684	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:43:35.0574 2684	nvraid - ok
19:43:35.0581 2684	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:43:35.0593 2684	nvstor - ok
19:43:35.0618 2684	NVSvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
19:43:35.0640 2684	NVSvc - ok
19:43:35.0675 2684	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:43:35.0702 2684	nvUpdatusService - ok
19:43:35.0728 2684	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:43:35.0738 2684	nv_agp - ok
19:43:35.0743 2684	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:43:35.0754 2684	ohci1394 - ok
19:43:35.0768 2684	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:43:35.0784 2684	p2pimsvc - ok
19:43:35.0801 2684	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:43:35.0818 2684	p2psvc - ok
19:43:35.0823 2684	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:43:35.0833 2684	Parport - ok
19:43:35.0838 2684	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:43:35.0848 2684	partmgr - ok
19:43:35.0857 2684	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:43:35.0874 2684	PcaSvc - ok
19:43:35.0882 2684	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:43:35.0894 2684	pci - ok
19:43:35.0897 2684	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:43:35.0906 2684	pciide - ok
19:43:35.0914 2684	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:43:35.0926 2684	pcmcia - ok
19:43:35.0931 2684	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:43:35.0941 2684	pcw - ok
19:43:35.0965 2684	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:43:36.0002 2684	PEAUTH - ok
19:43:36.0025 2684	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:43:36.0036 2684	PerfHost - ok
19:43:36.0100 2684	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:43:36.0144 2684	pla - ok
19:43:36.0161 2684	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:43:36.0177 2684	PlugPlay - ok
19:43:36.0181 2684	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:43:36.0191 2684	PNRPAutoReg - ok
19:43:36.0205 2684	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:43:36.0217 2684	PNRPsvc - ok
19:43:36.0232 2684	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:43:36.0265 2684	PolicyAgent - ok
19:43:36.0274 2684	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:43:36.0303 2684	Power - ok
19:43:36.0312 2684	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:43:36.0340 2684	PptpMiniport - ok
19:43:36.0344 2684	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:43:36.0355 2684	Processor - ok
19:43:36.0364 2684	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:43:36.0393 2684	ProfSvc - ok
19:43:36.0397 2684	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:43:36.0406 2684	ProtectedStorage - ok
19:43:36.0413 2684	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:43:36.0439 2684	Psched - ok
19:43:36.0443 2684	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
19:43:36.0452 2684	PSI - ok
19:43:36.0495 2684	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:43:36.0527 2684	ql2300 - ok
19:43:36.0557 2684	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:43:36.0567 2684	ql40xx - ok
19:43:36.0577 2684	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:43:36.0594 2684	QWAVE - ok
19:43:36.0598 2684	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:43:36.0612 2684	QWAVEdrv - ok
19:43:36.0615 2684	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:43:36.0643 2684	RasAcd - ok
19:43:36.0648 2684	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:43:36.0675 2684	RasAgileVpn - ok
19:43:36.0680 2684	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:43:36.0710 2684	RasAuto - ok
19:43:36.0717 2684	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:43:36.0744 2684	Rasl2tp - ok
19:43:36.0758 2684	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:43:36.0789 2684	RasMan - ok
19:43:36.0796 2684	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:43:36.0824 2684	RasPppoe - ok
19:43:36.0830 2684	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:43:36.0858 2684	RasSstp - ok
19:43:36.0869 2684	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:43:36.0899 2684	rdbss - ok
19:43:36.0903 2684	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:43:36.0915 2684	rdpbus - ok
19:43:36.0918 2684	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:43:36.0946 2684	RDPCDD - ok
19:43:36.0951 2684	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:43:36.0979 2684	RDPENCDD - ok
19:43:36.0984 2684	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:43:37.0011 2684	RDPREFMP - ok
19:43:37.0019 2684	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:43:37.0031 2684	RDPWD - ok
19:43:37.0041 2684	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:43:37.0054 2684	rdyboost - ok
19:43:37.0060 2684	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:43:37.0089 2684	RemoteAccess - ok
19:43:37.0095 2684	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:43:37.0126 2684	RemoteRegistry - ok
19:43:37.0132 2684	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:43:37.0161 2684	RpcEptMapper - ok
19:43:37.0164 2684	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:43:37.0176 2684	RpcLocator - ok
19:43:37.0195 2684	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:43:37.0225 2684	RpcSs - ok
19:43:37.0230 2684	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:43:37.0259 2684	rspndr - ok
19:43:37.0278 2684	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:43:37.0297 2684	RTL8167 - ok
19:43:37.0303 2684	s0017bus        (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
19:43:37.0313 2684	s0017bus - ok
19:43:37.0317 2684	s0017mdfl       (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
19:43:37.0325 2684	s0017mdfl - ok
19:43:37.0332 2684	s0017mdm        (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
19:43:37.0342 2684	s0017mdm - ok
19:43:37.0348 2684	s0017mgmt       (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
19:43:37.0359 2684	s0017mgmt - ok
19:43:37.0363 2684	s0017nd5        (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
19:43:37.0371 2684	s0017nd5 - ok
19:43:37.0378 2684	s0017obex       (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
19:43:37.0387 2684	s0017obex - ok
19:43:37.0394 2684	s0017unic       (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
19:43:37.0404 2684	s0017unic - ok
19:43:37.0407 2684	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:43:37.0416 2684	SamSs - ok
19:43:37.0902 2684	SANDRA - ok
19:43:37.0910 2684	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:43:37.0920 2684	sbp2port - ok
19:43:37.0927 2684	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:43:37.0957 2684	SCardSvr - ok
19:43:37.0961 2684	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:43:37.0988 2684	scfilter - ok
19:43:38.0024 2684	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:43:38.0065 2684	Schedule - ok
19:43:38.0071 2684	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:43:38.0097 2684	SCPolicySvc - ok
19:43:38.0105 2684	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:43:38.0119 2684	SDRSVC - ok
19:43:38.0125 2684	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:43:38.0153 2684	secdrv - ok
19:43:38.0157 2684	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:43:38.0184 2684	seclogon - ok
19:43:38.0214 2684	Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
19:43:38.0235 2684	Secunia PSI Agent - ok
19:43:38.0250 2684	Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
19:43:38.0263 2684	Secunia Update Agent - ok
19:43:38.0287 2684	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:43:38.0317 2684	SENS - ok
19:43:38.0321 2684	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:43:38.0333 2684	SensrSvc - ok
19:43:38.0339 2684	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:43:38.0349 2684	Serenum - ok
19:43:38.0355 2684	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:43:38.0366 2684	Serial - ok
19:43:38.0372 2684	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:43:38.0382 2684	sermouse - ok
19:43:38.0393 2684	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:43:38.0422 2684	SessionEnv - ok
19:43:38.0425 2684	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:43:38.0437 2684	sffdisk - ok
19:43:38.0441 2684	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:43:38.0453 2684	sffp_mmc - ok
19:43:38.0456 2684	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:43:38.0467 2684	sffp_sd - ok
19:43:38.0471 2684	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:43:38.0481 2684	sfloppy - ok
19:43:38.0493 2684	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:43:38.0524 2684	SharedAccess - ok
19:43:38.0537 2684	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:43:38.0568 2684	ShellHWDetection - ok
19:43:38.0572 2684	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:43:38.0582 2684	SiSRaid2 - ok
19:43:38.0586 2684	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:43:38.0596 2684	SiSRaid4 - ok
19:43:38.0602 2684	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:43:38.0631 2684	Smb - ok
19:43:38.0639 2684	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:43:38.0650 2684	SNMPTRAP - ok
19:43:38.0660 2684	Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:43:38.0668 2684	Sony PC Companion - ok
19:43:38.0672 2684	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:43:38.0681 2684	spldr - ok
19:43:38.0700 2684	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:43:38.0733 2684	Spooler - ok
19:43:38.0852 2684	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:43:38.0929 2684	sppsvc - ok
19:43:38.0954 2684	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:43:38.0982 2684	sppuinotify - ok
19:43:39.0000 2684	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:43:39.0015 2684	srv - ok
19:43:39.0028 2684	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:43:39.0042 2684	srv2 - ok
19:43:39.0050 2684	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:43:39.0061 2684	srvnet - ok
19:43:39.0084 2684	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:43:39.0114 2684	SSDPSRV - ok
19:43:39.0119 2684	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:43:39.0148 2684	SstpSvc - ok
19:43:39.0153 2684	Steam Client Service - ok
19:43:39.0167 2684	Stereo Service  (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:43:39.0181 2684	Stereo Service - ok
19:43:39.0185 2684	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:43:39.0195 2684	stexstor - ok
19:43:39.0216 2684	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:43:39.0238 2684	stisvc - ok
19:43:39.0241 2684	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:43:39.0250 2684	swenum - ok
19:43:39.0267 2684	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:43:39.0302 2684	swprv - ok
19:43:39.0355 2684	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:43:39.0392 2684	SysMain - ok
19:43:39.0416 2684	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:43:39.0432 2684	TabletInputService - ok
19:43:39.0445 2684	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:43:39.0476 2684	TapiSrv - ok
19:43:39.0482 2684	TBPanel - ok
19:43:39.0488 2684	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:43:39.0517 2684	TBS - ok
19:43:39.0568 2684	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:43:39.0606 2684	Tcpip - ok
19:43:39.0676 2684	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:43:39.0706 2684	TCPIP6 - ok
19:43:39.0733 2684	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:43:39.0760 2684	tcpipreg - ok
19:43:39.0766 2684	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:43:39.0774 2684	TDPIPE - ok
19:43:39.0778 2684	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:43:39.0787 2684	TDTCP - ok
19:43:39.0793 2684	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:43:39.0820 2684	tdx - ok
19:43:39.0825 2684	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:43:39.0835 2684	TermDD - ok
19:43:39.0856 2684	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:43:39.0891 2684	TermService - ok
19:43:39.0896 2684	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:43:39.0910 2684	Themes - ok
19:43:39.0915 2684	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:43:39.0942 2684	THREADORDER - ok
19:43:39.0949 2684	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:43:39.0979 2684	TrkWks - ok
19:43:39.0987 2684	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:43:40.0016 2684	TrustedInstaller - ok
19:43:40.0022 2684	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:43:40.0049 2684	tssecsrv - ok
19:43:40.0054 2684	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:43:40.0066 2684	TsUsbFlt - ok
19:43:40.0072 2684	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:43:40.0099 2684	tunnel - ok
19:43:40.0104 2684	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:43:40.0114 2684	uagp35 - ok
19:43:40.0125 2684	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:43:40.0155 2684	udfs - ok
19:43:40.0163 2684	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:43:40.0174 2684	UI0Detect - ok
19:43:40.0179 2684	UimBus          (aa5822906c923d8f2a7600f172f14280) C:\Windows\system32\DRIVERS\uimx64.sys
19:43:40.0188 2684	UimBus - ok
19:43:40.0205 2684	Uim_IM          (01cff05c68ba8666e556ef497149dc76) C:\Windows\system32\Drivers\Uim_IMx64.sys
19:43:40.0221 2684	Uim_IM - ok
19:43:40.0226 2684	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:43:40.0235 2684	uliagpkx - ok
19:43:40.0240 2684	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:43:40.0251 2684	umbus - ok
19:43:40.0254 2684	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:43:40.0263 2684	UmPass - ok
19:43:40.0267 2684	Update-Service - ok
19:43:40.0281 2684	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:43:40.0314 2684	upnphost - ok
19:43:40.0321 2684	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:43:40.0334 2684	usbaudio - ok
19:43:40.0339 2684	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:43:40.0350 2684	usbccgp - ok
19:43:40.0356 2684	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:43:40.0368 2684	usbcir - ok
19:43:40.0373 2684	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:43:40.0383 2684	usbehci - ok
19:43:40.0389 2684	usbfilter       (33a58c5630200e17b51c8d73dd64181b) C:\Windows\system32\DRIVERS\usbfilter.sys
19:43:40.0397 2684	usbfilter - ok
19:43:40.0410 2684	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:43:40.0423 2684	usbhub - ok
19:43:40.0426 2684	USBMULCD - ok
19:43:40.0431 2684	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:43:40.0441 2684	usbohci - ok
19:43:40.0445 2684	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:43:40.0457 2684	usbprint - ok
19:43:40.0460 2684	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:43:40.0472 2684	usbscan - ok
19:43:40.0478 2684	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:43:40.0489 2684	USBSTOR - ok
19:43:40.0493 2684	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:43:40.0506 2684	usbuhci - ok
19:43:40.0511 2684	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:43:40.0539 2684	UxSms - ok
19:43:40.0543 2684	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:43:40.0552 2684	VaultSvc - ok
19:43:40.0556 2684	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:43:40.0566 2684	vdrvroot - ok
19:43:40.0582 2684	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:43:40.0615 2684	vds - ok
19:43:40.0620 2684	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:43:40.0631 2684	vga - ok
19:43:40.0635 2684	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:43:40.0662 2684	VgaSave - ok
19:43:40.0671 2684	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:43:40.0682 2684	vhdmp - ok
19:43:40.0686 2684	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:43:40.0695 2684	viaide - ok
19:43:40.0700 2684	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:43:40.0709 2684	volmgr - ok
19:43:40.0724 2684	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:43:40.0739 2684	volmgrx - ok
19:43:40.0751 2684	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:43:40.0764 2684	volsnap - ok
19:43:40.0772 2684	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:43:40.0783 2684	vsmraid - ok
19:43:40.0828 2684	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:43:40.0875 2684	VSS - ok
19:43:40.0900 2684	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:43:40.0913 2684	vwifibus - ok
19:43:40.0926 2684	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:43:40.0959 2684	W32Time - ok
19:43:40.0964 2684	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:43:40.0974 2684	WacomPen - ok
19:43:40.0980 2684	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:43:41.0007 2684	WANARP - ok
19:43:41.0011 2684	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:43:41.0036 2684	Wanarpv6 - ok
19:43:41.0080 2684	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:43:41.0108 2684	wbengine - ok
19:43:41.0135 2684	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:43:41.0151 2684	WbioSrvc - ok
19:43:41.0165 2684	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:43:41.0184 2684	wcncsvc - ok
19:43:41.0188 2684	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:43:41.0199 2684	WcsPlugInService - ok
19:43:41.0204 2684	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:43:41.0213 2684	Wd - ok
19:43:41.0235 2684	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:43:41.0256 2684	Wdf01000 - ok
19:43:41.0262 2684	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:43:41.0294 2684	WdiServiceHost - ok
19:43:41.0297 2684	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:43:41.0312 2684	WdiSystemHost - ok
19:43:41.0325 2684	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:43:41.0343 2684	WebClient - ok
19:43:41.0352 2684	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:43:41.0383 2684	Wecsvc - ok
19:43:41.0389 2684	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:43:41.0418 2684	wercplsupport - ok
19:43:41.0424 2684	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:43:41.0453 2684	WerSvc - ok
19:43:41.0459 2684	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:41.0486 2684	WfpLwf - ok
19:43:41.0489 2684	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:43:41.0499 2684	WIMMount - ok
19:43:41.0502 2684	WinDefend - ok
19:43:41.0507 2684	WinHttpAutoProxySvc - ok
19:43:41.0521 2684	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:43:41.0551 2684	Winmgmt - ok
19:43:41.0606 2684	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:43:41.0658 2684	WinRM - ok
19:43:41.0688 2684	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:43:41.0700 2684	WinUsb - ok
19:43:41.0724 2684	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:43:41.0749 2684	Wlansvc - ok
19:43:41.0825 2684	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:43:41.0872 2684	wlidsvc - ok
19:43:41.0897 2684	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
19:43:41.0905 2684	WmBEnum - ok
19:43:41.0909 2684	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
19:43:41.0917 2684	WmFilter - ok
19:43:41.0922 2684	WmHidLo         (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
19:43:41.0930 2684	WmHidLo - ok
19:43:41.0934 2684	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:43:41.0944 2684	WmiAcpi - ok
19:43:41.0956 2684	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:43:41.0968 2684	wmiApSrv - ok
19:43:41.0972 2684	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
19:43:41.0980 2684	WmVirHid - ok
19:43:41.0985 2684	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
19:43:41.0993 2684	WmXlCore - ok
19:43:41.0997 2684	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:43:42.0007 2684	WPCSvc - ok
19:43:42.0014 2684	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:43:42.0031 2684	WPDBusEnum - ok
19:43:42.0035 2684	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:43:42.0063 2684	ws2ifsl - ok
19:43:42.0067 2684	WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
19:43:42.0076 2684	WsAudio_DeviceS(1) - ok
19:43:42.0080 2684	WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
19:43:42.0088 2684	WsAudio_DeviceS(2) - ok
19:43:42.0092 2684	WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
19:43:42.0100 2684	WsAudio_DeviceS(3) - ok
19:43:42.0104 2684	WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
19:43:42.0112 2684	WsAudio_DeviceS(4) - ok
19:43:42.0117 2684	WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
19:43:42.0125 2684	WsAudio_DeviceS(5) - ok
19:43:42.0130 2684	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:43:42.0145 2684	wscsvc - ok
19:43:42.0148 2684	WSearch - ok
19:43:42.0228 2684	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:43:42.0289 2684	wuauserv - ok
19:43:42.0316 2684	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:43:42.0344 2684	WudfPf - ok
19:43:42.0352 2684	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:42.0381 2684	WUDFRd - ok
19:43:42.0387 2684	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:43:42.0415 2684	wudfsvc - ok
19:43:42.0424 2684	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:43:42.0442 2684	WwanSvc - ok
19:43:42.0463 2684	xnacc           (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
19:43:42.0482 2684	xnacc - ok
19:43:42.0488 2684	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
19:43:42.0498 2684	xusb21 - ok
19:43:42.0506 2684	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:43:42.0589 2684	\Device\Harddisk0\DR0 - ok
19:43:42.0599 2684	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:43:42.0716 2684	\Device\Harddisk1\DR1 - ok
19:43:42.0741 2684	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
19:43:42.0937 2684	\Device\Harddisk2\DR2 - ok
19:43:42.0939 2684	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
19:43:42.0991 2684	\Device\Harddisk3\DR3 - ok
19:43:42.0996 2684	Boot (0x1200)   (adfa30d37c35da7e58e14062d7e1230a) \Device\Harddisk0\DR0\Partition0
19:43:42.0997 2684	\Device\Harddisk0\DR0\Partition0 - ok
19:43:42.0999 2684	Boot (0x1200)   (110af1c18b6a5d031e491c66cd017d06) \Device\Harddisk0\DR0\Partition1
19:43:43.0000 2684	\Device\Harddisk0\DR0\Partition1 - ok
19:43:43.0003 2684	Boot (0x1200)   (adfa30d37c35da7e58e14062d7e1230a) \Device\Harddisk1\DR1\Partition0
19:43:43.0004 2684	\Device\Harddisk1\DR1\Partition0 - ok
19:43:43.0006 2684	Boot (0x1200)   (7b9db297c4c41af0325c93dc4237723f) \Device\Harddisk1\DR1\Partition1
19:43:43.0007 2684	\Device\Harddisk1\DR1\Partition1 - ok
19:43:43.0042 2684	Boot (0x1200)   (8d694549ef2e66e8fce15933bbc6becd) \Device\Harddisk2\DR2\Partition0
19:43:43.0043 2684	\Device\Harddisk2\DR2\Partition0 - ok
19:43:43.0070 2684	Boot (0x1200)   (fa39ac401348bf63cd288af621b8ce40) \Device\Harddisk2\DR2\Partition1
19:43:43.0071 2684	\Device\Harddisk2\DR2\Partition1 - ok
19:43:43.0074 2684	Boot (0x1200)   (32191268b15b2b9f37173b0e172ac0df) \Device\Harddisk3\DR3\Partition0
19:43:43.0075 2684	\Device\Harddisk3\DR3\Partition0 - ok
19:43:43.0077 2684	Boot (0x1200)   (b82603a133c06c41136d96ca587c65e8) \Device\Harddisk3\DR3\Partition1
19:43:43.0078 2684	\Device\Harddisk3\DR3\Partition1 - ok
19:43:43.0079 2684	============================================================
19:43:43.0079 2684	Scan finished
19:43:43.0079 2684	============================================================
19:43:43.0087 5356	Detected object count: 3
19:43:43.0087 5356	Actual detected object count: 3
20:47:29.0119 5356	Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:29.0119 5356	Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:47:29.0122 5356	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:29.0122 5356	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:47:29.0126 5356	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:29.0126 5356	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 07.06.2012, 12:34

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

LBHS2174 · 07.06.2012, 14:13

Und jetzt das Combofix Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-07.03 - Holger Schmid 07.06.2012  14:55:30.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2624 [GMT 2:00]
ausgeführt von:: c:\users\Holger Schmid\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml6CF5.tmp
c:\programdata\xml6DA2.tmp
c:\programdata\xml6DD2.tmp
c:\users\Holger Schmid\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\HOLGER~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\bin
c:\windows\SysWow64\bin\atidcmxx.sys
c:\windows\SysWow64\bin\ATILog.dll
c:\windows\SysWow64\bin\ATIManifestDLMExt.dll
c:\windows\SysWow64\bin\ATISetup.exe
c:\windows\SysWow64\bin\CompressionDLMExt.dll
c:\windows\SysWow64\bin\ControlCenterActions.dll
c:\windows\SysWow64\bin\CRCVerDLMExt.dll
c:\windows\SysWow64\bin\DetectionManager.dll
c:\windows\SysWow64\bin\difxapi.dll
c:\windows\SysWow64\bin\DLMCom.dll
c:\windows\SysWow64\bin\EncryptionDLMExt.dll
c:\windows\SysWow64\bin\InstallManager.dll
c:\windows\SysWow64\bin\InstallManagerApp.exe
c:\windows\SysWow64\bin\InstallManagerApp.exe.manifest
c:\windows\SysWow64\bin\LanguageMgr.dll
c:\windows\SysWow64\bin\mfc80u.dll
c:\windows\SysWow64\bin\Microsoft.VC80.ATL.manifest
c:\windows\SysWow64\bin\Microsoft.VC80.CRT.manifest
c:\windows\SysWow64\bin\Microsoft.VC80.MFC.manifest
c:\windows\SysWow64\bin\Microsoft.VC80.MFCLOC.manifest
c:\windows\SysWow64\bin\Microsoft.VC80.OpenMP.manifest
c:\windows\SysWow64\bin\msvcp80.dll
c:\windows\SysWow64\bin\msvcr80.dll
c:\windows\SysWow64\bin\PackageManager.dll
c:\windows\SysWow64\bin\Setup.exe
c:\windows\SysWow64\bin\Setup.exe.manifest
c:\windows\SysWow64\bin\xerces-c_2_6.dll
c:\windows\SysWow64\bin\zlibwapi.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\images
c:\windows\SysWow64\images\a.jpg
c:\windows\SysWow64\images\b.jpg
c:\windows\SysWow64\images\c.jpg
c:\windows\SysWow64\images\d.jpg
c:\windows\SysWow64\images\e.jpg
c:\windows\SysWow64\images\f.jpg
c:\windows\SysWow64\ReadMe.txt
c:\windows\SysWow64\setup.ini
H:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-07 bis 2012-06-07  ))))))))))))))))))))))))))))))
.
.
2012-06-06 13:40 . 2012-06-06 13:40	--------	d-----w-	C:\_OTL
2012-06-06 03:10 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{713288EB-18BB-4EAD-8FBA-01C718A5FC15}\mpengine.dll
2012-06-05 12:27 . 2012-06-05 12:27	--------	d-----w-	c:\program files (x86)\Sophos
2012-06-05 03:51 . 2012-06-05 03:51	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-06-05 03:27 . 2012-06-05 03:27	--------	d-----w-	c:\users\Holger Schmid\AppData\Local\Secunia PSI
2012-06-05 03:27 . 2012-06-05 03:27	--------	d-----w-	c:\program files (x86)\Secunia
2012-06-03 04:43 . 2012-06-03 04:43	--------	d-----w-	c:\program files (x86)\ESET
2012-06-03 03:52 . 2012-06-03 03:52	354816	----a-w-	c:\windows\system32\pouafj9wz.dll
2012-06-02 09:51 . 2012-06-02 09:51	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\Malwarebytes
2012-06-02 09:51 . 2012-06-02 09:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 09:51 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-01 21:30 . 2012-06-01 21:30	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
2012-05-31 19:44 . 2012-05-31 19:44	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-31 18:02 . 2012-05-31 18:02	--------	d-----w-	c:\program files (x86)\TV DIGITAL
2012-05-31 15:58 . 2012-05-31 15:58	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\OpenOffice.org
2012-05-31 13:21 . 2012-05-31 13:21	--------	d-----w-	c:\users\Holger Schmid\DoctorWeb
2012-05-24 04:41 . 2012-05-28 14:56	--------	d-----w-	c:\programdata\Ubisoft
2012-05-17 05:51 . 2012-05-17 05:53	--------	d-----w-	c:\program files (x86)\CDex
2012-05-15 00:21 . 2012-05-15 00:21	423744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-05-12 11:10 . 2012-05-31 18:25	--------	d-----w-	c:\program files (x86)\DVR-Studio HD 2
2012-05-09 02:23 . 2012-05-09 02:23	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-09 02:23 . 2012-05-09 02:23	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 15:18 . 2012-04-08 03:44	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 15:18 . 2011-05-14 04:02	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-13 18:18	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-08-10 04:24	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-10 04:24	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-08-10 04:24	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-28 04:28	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-01-25 20:42	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-01-25 20:42	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-04-07 21:19	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-07 21:19	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-04-07 21:19	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-01-07 19:49	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-13 18:19	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-04-07 21:18	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-07 21:19	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-08 16:06 . 2011-11-14 16:24	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:06 . 2011-11-14 16:24	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 05:06 . 2012-04-08 04:06	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 14:27 . 2012-05-04 14:27	290154	----a-w-	c:\users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Templates\mp3DC216.exe
2012-04-18 17:08 . 2012-03-13 18:18	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe [2010-10-28 1906152]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2011-11-9 206128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-1-30 1263216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B339.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-23 129976]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys [2011-01-06 11888]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2012-02-28 3128856]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2010-10-28 251256]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2012-01-31 34048]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 12:09	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{C2CDC2C9-2416-4E24-9FAF-E926774F71F7}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Holger Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\n7mx9z4r.default\
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B339.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2129583992-881626457-2875677441-1001\Software\SecuROM\License information*]
"datasecu"=hex:75,a8,10,50,32,87,49,13,00,d8,a1,36,07,6c,8d,0d,66,19,18,38,3a,
   5a,89,f0,7d,76,d7,1e,04,b5,d4,36,14,60,35,7c,c8,87,9b,55,ba,c7,39,be,5b,55,\
"rkeysecu"=hex:a5,b1,94,07,c8,ea,42,31,f3,b2,56,f3,ec,40,76,70
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-07  15:01:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-07 13:01
.
Vor Suchlauf: 10 Verzeichnis(se), 75.030.953.984 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 74.683.318.272 Bytes frei
.
- - End Of File - - CBAAA2EE7E0D75C99DE43CF9A741F3C6

--- --- ---

cosinus · 07.06.2012, 15:44

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

File::
c:\windows\system32\pouafj9wz.dll

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

LBHS2174 · 07.06.2012, 16:43

Das neue ComboFix Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-07.03 - Holger Schmid 07.06.2012  17:29:04.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2658 [GMT 2:00]
ausgeführt von:: c:\users\Holger Schmid\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Holger Schmid\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\pouafj9wz.dll"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Holger Schmid\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\HOLGER~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\system32\pouafj9wz.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-07 bis 2012-06-07  ))))))))))))))))))))))))))))))
.
.
2012-06-07 15:32 . 2012-06-07 15:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-06-07 15:32 . 2012-06-07 15:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-07 15:23 . 2012-06-07 15:23	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 15:23 . 2012-06-07 15:23	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 13:40 . 2012-06-06 13:40	--------	d-----w-	C:\_OTL
2012-06-06 03:10 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{713288EB-18BB-4EAD-8FBA-01C718A5FC15}\mpengine.dll
2012-06-05 12:27 . 2012-06-05 12:27	--------	d-----w-	c:\program files (x86)\Sophos
2012-06-05 03:51 . 2012-06-05 03:51	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-06-05 03:27 . 2012-06-05 03:27	--------	d-----w-	c:\users\Holger Schmid\AppData\Local\Secunia PSI
2012-06-05 03:27 . 2012-06-05 03:27	--------	d-----w-	c:\program files (x86)\Secunia
2012-06-03 04:43 . 2012-06-03 04:43	--------	d-----w-	c:\program files (x86)\ESET
2012-06-02 09:51 . 2012-06-02 09:51	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\Malwarebytes
2012-06-02 09:51 . 2012-06-02 09:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 09:51 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-01 21:30 . 2012-06-01 21:30	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
2012-05-31 19:44 . 2012-05-31 19:44	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-31 18:02 . 2012-05-31 18:02	--------	d-----w-	c:\program files (x86)\TV DIGITAL
2012-05-31 15:58 . 2012-05-31 15:58	--------	d-----w-	c:\users\Holger Schmid\AppData\Roaming\OpenOffice.org
2012-05-31 13:21 . 2012-05-31 13:21	--------	d-----w-	c:\users\Holger Schmid\DoctorWeb
2012-05-24 04:41 . 2012-05-28 14:56	--------	d-----w-	c:\programdata\Ubisoft
2012-05-17 05:51 . 2012-05-17 05:53	--------	d-----w-	c:\program files (x86)\CDex
2012-05-15 00:21 . 2012-05-15 00:21	423744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-05-12 11:10 . 2012-05-31 18:25	--------	d-----w-	c:\program files (x86)\DVR-Studio HD 2
2012-05-09 02:23 . 2012-05-09 02:23	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-09 02:23 . 2012-05-09 02:23	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 15:18 . 2012-04-08 03:44	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 15:18 . 2011-05-14 04:02	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-13 18:18	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-08-10 04:24	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-10 04:24	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-08-10 04:24	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-28 04:28	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-01-25 20:42	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-01-25 20:42	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-04-07 21:19	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-07 21:19	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-04-07 21:19	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-01-07 19:49	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-13 18:19	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-04-07 21:18	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-07 21:19	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-08 16:06 . 2011-11-14 16:24	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:06 . 2011-11-14 16:24	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 05:06 . 2012-04-08 04:06	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 14:27 . 2012-05-04 14:27	290154	----a-w-	c:\users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Templates\mp3DC216.exe
2012-04-18 17:08 . 2012-03-13 18:18	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-07_13.00.04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-07 15:33	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-07 12:59	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-07 12:59	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-07 15:33	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-07 12:59	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-07 15:33	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-25 20:40 . 2012-06-07 13:09	68742              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-07 13:09	55042              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-25 20:38 . 2012-06-07 13:09	12484              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2129583992-881626457-2875677441-1001_UserData.bin
+ 2011-01-26 03:21 . 2012-06-07 15:33	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-26 03:21 . 2012-06-07 12:59	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-26 03:21 . 2012-06-07 12:59	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-26 03:21 . 2012-06-07 15:33	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-07 15:33	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-07 12:59	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-25 20:29 . 2012-06-07 13:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-25 20:29 . 2012-06-07 12:59	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-25 20:29 . 2012-06-07 13:08	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-25 20:29 . 2012-06-07 12:59	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-25 20:29 . 2012-06-07 12:59	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-25 20:29 . 2012-06-07 13:08	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-25 20:37 . 2012-06-07 12:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-25 20:37 . 2012-06-07 15:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-25 20:37 . 2012-06-07 15:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-25 20:37 . 2012-06-07 12:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-07 12:59 . 2012-06-07 12:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-07 15:33 . 2012-06-07 15:33	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-07 10:35	616032              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-07 13:13	616032              c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-06-07 13:13	654150              c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-06-07 10:35	654150              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-07 13:13	106412              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-07 10:35	106412              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-06-07 10:35	130022              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-06-07 13:13	130022              c:\windows\system32\perfc007.dat
- 2011-11-16 06:54 . 2012-06-07 12:59	459672              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-16 06:54 . 2012-06-07 15:32	459672              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-07 12:59	286768              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-07 15:32	286768              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-25 17:50 . 2012-06-07 15:32	38883324              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129583992-881626457-2875677441-1001-8192.dat
- 2011-03-25 17:50 . 2012-06-07 12:59	38883324              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129583992-881626457-2875677441-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe [2010-10-28 1906152]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2011-11-9 206128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-1-30 1263216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B339.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys [2011-01-06 11888]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2012-02-28 3128856]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2010-10-28 251256]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2012-01-31 34048]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 12:09	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube Download - c:\users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{C2CDC2C9-2416-4E24-9FAF-E926774F71F7}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Holger Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\n7mx9z4r.default\
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B339.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2129583992-881626457-2875677441-1001\Software\SecuROM\License information*]
"datasecu"=hex:75,a8,10,50,32,87,49,13,00,d8,a1,36,07,6c,8d,0d,66,19,18,38,3a,
   5a,89,f0,7d,76,d7,1e,04,b5,d4,36,14,60,35,7c,c8,87,9b,55,ba,c7,39,be,5b,55,\
"rkeysecu"=hex:a5,b1,94,07,c8,ea,42,31,f3,b2,56,f3,ec,40,76,70
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-07  17:34:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-07 15:34
ComboFix2.txt  2012-06-07 13:01
.
Vor Suchlauf: 13 Verzeichnis(se), 74.772.631.552 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 74.448.547.840 Bytes frei
.
- - End Of File - - C88973ACADFD365DFDCCA591A2B31DE7

--- --- ---