Trojaner eingefangen - Sirefef-A/Sirefef-AHF/BitCoinMiner-U/Malware-gen

Ambanja · 27.08.2012, 09:21

hier nochmal der Malwarebytes Logfile.
Den TDSSKiller Log mache ich gleich nochmal

Ambanja · 27.08.2012, 09:36

konnte den Log TDSSKiller-Log nicht anhängen, da er zu groß ist.
Daher post ich ihn jetzt hier :

10:27:24.0281 2268 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:27:26.0293 2268 ============================================================
10:27:26.0293 2268 Current date / time: 2012/08/27 10:27:26.0293
10:27:26.0293 2268 SystemInfo:
10:27:26.0293 2268
10:27:26.0293 2268 OS Version: 6.1.7601 ServicePack: 1.0
10:27:26.0293 2268 Product type: Workstation
10:27:26.0293 2268 ComputerName: AMBANJA-PC
10:27:26.0293 2268 UserName: Ambanja
10:27:26.0293 2268 Windows directory: C:\Windows
10:27:26.0293 2268 System windows directory: C:\Windows
10:27:26.0293 2268 Processor architecture: Intel x86
10:27:26.0293 2268 Number of processors: 2
10:27:26.0293 2268 Page size: 0x1000
10:27:26.0293 2268 Boot type: Normal boot
10:27:26.0293 2268 ============================================================
10:27:26.0933 2268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:27:26.0964 2268 ============================================================
10:27:26.0964 2268 \Device\Harddisk0\DR0:
10:27:26.0964 2268 MBR partitions:
10:27:26.0964 2268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
10:27:26.0979 2268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x183A1856
10:27:26.0979 2268 ============================================================
10:27:26.0995 2268 C: <-> \Device\Harddisk0\DR0\Partition1
10:27:27.0011 2268 D: <-> \Device\Harddisk0\DR0\Partition2
10:27:27.0011 2268 ============================================================
10:27:27.0011 2268 Initialize success
10:27:27.0011 2268 ============================================================
10:27:33.0578 2620 ============================================================
10:27:33.0578 2620 Scan started
10:27:33.0578 2620 Mode: Manual;
10:27:33.0578 2620 ============================================================
10:27:34.0062 2620 ================ Scan system memory ========================
10:27:34.0062 2620 System memory - ok
10:27:34.0062 2620 ================ Scan services =============================
10:27:34.0280 2620 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:27:34.0280 2620 1394ohci - ok
10:27:34.0405 2620 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
10:27:34.0405 2620 a2acc - ok
10:27:34.0514 2620 [ 0D050186CF421131B43D00024BD9B8BB ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
10:27:34.0545 2620 a2AntiMalware - ok
10:27:34.0577 2620 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
10:27:34.0592 2620 A2DDA - ok
10:27:34.0639 2620 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:27:34.0639 2620 ACPI - ok
10:27:34.0686 2620 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:27:34.0686 2620 AcpiPmi - ok
10:27:34.0795 2620 [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:27:34.0795 2620 AdobeFlashPlayerUpdateSvc - ok
10:27:34.0889 2620 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:27:34.0904 2620 adp94xx - ok
10:27:34.0935 2620 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:27:34.0935 2620 adpahci - ok
10:27:34.0951 2620 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:27:34.0967 2620 adpu320 - ok
10:27:35.0013 2620 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:27:35.0013 2620 AeLookupSvc - ok
10:27:35.0091 2620 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
10:27:35.0107 2620 AESTFilters - ok
10:27:35.0185 2620 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
10:27:35.0185 2620 AFD - ok
10:27:35.0216 2620 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
10:27:35.0216 2620 agp440 - ok
10:27:35.0279 2620 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
10:27:35.0279 2620 aic78xx - ok
10:27:35.0341 2620 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
10:27:35.0341 2620 ALG - ok
10:27:35.0357 2620 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
10:27:35.0372 2620 aliide - ok
10:27:35.0388 2620 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:27:35.0388 2620 amdagp - ok
10:27:35.0403 2620 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
10:27:35.0419 2620 amdide - ok
10:27:35.0466 2620 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:27:35.0466 2620 AmdK8 - ok
10:27:35.0497 2620 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:27:35.0513 2620 AmdPPM - ok
10:27:35.0528 2620 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:27:35.0528 2620 amdsata - ok
10:27:35.0559 2620 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:27:35.0559 2620 amdsbs - ok
10:27:35.0606 2620 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:27:35.0606 2620 amdxata - ok
10:27:35.0669 2620 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
10:27:35.0669 2620 AppID - ok
10:27:35.0684 2620 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:27:35.0700 2620 AppIDSvc - ok
10:27:35.0731 2620 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
10:27:35.0731 2620 Appinfo - ok
10:27:35.0778 2620 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
10:27:35.0778 2620 AppMgmt - ok
10:27:35.0809 2620 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:27:35.0809 2620 arc - ok
10:27:35.0825 2620 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:27:35.0825 2620 arcsas - ok
10:27:35.0887 2620 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
10:27:35.0887 2620 aswFsBlk - ok
10:27:35.0918 2620 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
10:27:35.0918 2620 aswMonFlt - ok
10:27:35.0965 2620 [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
10:27:35.0965 2620 aswRdr - ok
10:27:36.0059 2620 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
10:27:36.0074 2620 aswSnx - ok
10:27:36.0137 2620 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys
10:27:36.0137 2620 aswSP - ok
10:27:36.0168 2620 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
10:27:36.0168 2620 aswTdi - ok
10:27:36.0199 2620 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:27:36.0199 2620 AsyncMac - ok
10:27:36.0261 2620 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
10:27:36.0261 2620 atapi - ok
10:27:36.0324 2620 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:27:36.0324 2620 AudioEndpointBuilder - ok
10:27:36.0355 2620 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:27:36.0355 2620 Audiosrv - ok
10:27:36.0433 2620 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:27:36.0433 2620 avast! Antivirus - ok
10:27:36.0495 2620 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:27:36.0495 2620 AxInstSV - ok
10:27:36.0542 2620 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
10:27:36.0558 2620 b06bdrv - ok
10:27:36.0573 2620 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:27:36.0573 2620 b57nd60x - ok
10:27:36.0698 2620 [ 3DA1C04EA8C09A9F77A951D5AE4F8CFC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
10:27:36.0729 2620 BCM43XX - ok
10:27:36.0776 2620 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
10:27:36.0776 2620 BDESVC - ok
10:27:36.0823 2620 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
10:27:36.0823 2620 Beep - ok
10:27:36.0870 2620 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
10:27:36.0885 2620 BFE - ok
10:27:36.0932 2620 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:27:36.0932 2620 blbdrive - ok
10:27:36.0979 2620 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:27:36.0979 2620 bowser - ok
10:27:37.0010 2620 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:27:37.0010 2620 BrFiltLo - ok
10:27:37.0041 2620 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:27:37.0041 2620 BrFiltUp - ok
10:27:37.0057 2620 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:27:37.0057 2620 BridgeMP - ok
10:27:37.0119 2620 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
10:27:37.0119 2620 Browser - ok
10:27:37.0151 2620 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:27:37.0151 2620 Brserid - ok
10:27:37.0182 2620 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:27:37.0182 2620 BrSerWdm - ok
10:27:37.0213 2620 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:27:37.0213 2620 BrUsbMdm - ok
10:27:37.0244 2620 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:27:37.0244 2620 BrUsbSer - ok
10:27:37.0275 2620 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:27:37.0291 2620 BTHMODEM - ok
10:27:37.0338 2620 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
10:27:37.0338 2620 bthserv - ok
10:27:37.0494 2620 catchme - ok
10:27:37.0525 2620 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:27:37.0525 2620 cdfs - ok
10:27:37.0572 2620 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:27:37.0587 2620 cdrom - ok
10:27:37.0634 2620 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
10:27:37.0634 2620 CertPropSvc - ok
10:27:37.0665 2620 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:27:37.0665 2620 circlass - ok
10:27:37.0712 2620 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
10:27:37.0712 2620 CLFS - ok
10:27:37.0790 2620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:37.0790 2620 clr_optimization_v2.0.50727_32 - ok
10:27:37.0868 2620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:27:37.0868 2620 clr_optimization_v4.0.30319_32 - ok
10:27:37.0899 2620 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:27:37.0899 2620 CmBatt - ok
10:27:37.0946 2620 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:27:37.0946 2620 cmdide - ok
10:27:37.0993 2620 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
10:27:37.0993 2620 CNG - ok
10:27:38.0055 2620 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:27:38.0055 2620 Com4QLBEx - ok
10:27:38.0102 2620 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:27:38.0102 2620 Compbatt - ok
10:27:38.0149 2620 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:27:38.0149 2620 CompositeBus - ok
10:27:38.0165 2620 COMSysApp - ok
10:27:38.0196 2620 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:27:38.0196 2620 crcdisk - ok
10:27:38.0274 2620 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:27:38.0289 2620 CryptSvc - ok
10:27:38.0336 2620 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
10:27:38.0336 2620 CSC - ok
10:27:38.0383 2620 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
10:27:38.0399 2620 CscService - ok
10:27:38.0430 2620 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
10:27:38.0461 2620 DcomLaunch - ok
10:27:38.0492 2620 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
10:27:38.0508 2620 defragsvc - ok
10:27:38.0539 2620 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:27:38.0555 2620 DfsC - ok
10:27:38.0601 2620 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:27:38.0601 2620 Dhcp - ok
10:27:38.0648 2620 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
10:27:38.0648 2620 discache - ok
10:27:38.0695 2620 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:27:38.0695 2620 Disk - ok
10:27:38.0742 2620 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:27:38.0742 2620 Dnscache - ok
10:27:38.0773 2620 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
10:27:38.0773 2620 dot3svc - ok
10:27:38.0804 2620 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
10:27:38.0804 2620 DPS - ok
10:27:38.0851 2620 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:27:38.0851 2620 drmkaud - ok
10:27:38.0913 2620 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:27:38.0913 2620 DXGKrnl - ok
10:27:38.0960 2620 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
10:27:38.0960 2620 EapHost - ok
10:27:39.0069 2620 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
10:27:39.0116 2620 ebdrv - ok
10:27:39.0147 2620 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
10:27:39.0163 2620 EFS - ok
10:27:39.0210 2620 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:27:39.0225 2620 ehRecvr - ok
10:27:39.0257 2620 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
10:27:39.0257 2620 ehSched - ok
10:27:39.0303 2620 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:27:39.0319 2620 elxstor - ok
10:27:39.0350 2620 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:27:39.0350 2620 ErrDev - ok
10:27:39.0413 2620 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
10:27:39.0413 2620 EventSystem - ok
10:27:39.0459 2620 [ DAFC7E1B2FFA35CCBDDF95AE3E31BFAE ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
10:27:39.0475 2620 ewusbnet - ok
10:27:39.0491 2620 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
10:27:39.0506 2620 exfat - ok
10:27:39.0522 2620 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:27:39.0537 2620 fastfat - ok
10:27:39.0569 2620 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
10:27:39.0584 2620 Fax - ok
10:27:39.0615 2620 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:27:39.0631 2620 fdc - ok
10:27:39.0662 2620 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
10:27:39.0662 2620 fdPHost - ok
10:27:39.0693 2620 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
10:27:39.0709 2620 FDResPub - ok
10:27:39.0725 2620 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:27:39.0725 2620 FileInfo - ok
10:27:39.0756 2620 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:27:39.0756 2620 Filetrace - ok
10:27:39.0787 2620 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:27:39.0787 2620 flpydisk - ok
10:27:39.0818 2620 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:27:39.0834 2620 FltMgr - ok
10:27:39.0896 2620 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
10:27:39.0912 2620 FontCache - ok
10:27:39.0974 2620 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:39.0974 2620 FontCache3.0.0.0 - ok
10:27:39.0990 2620 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:27:39.0990 2620 FsDepends - ok
10:27:40.0021 2620 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:27:40.0037 2620 Fs_Rec - ok
10:27:40.0083 2620 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:27:40.0083 2620 fvevol - ok
10:27:40.0115 2620 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:27:40.0115 2620 gagp30kx - ok
10:27:40.0161 2620 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
10:27:40.0177 2620 gpsvc - ok
10:27:40.0224 2620 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:27:40.0224 2620 hcw85cir - ok
10:27:40.0286 2620 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:27:40.0286 2620 HdAudAddService - ok
10:27:40.0333 2620 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:27:40.0333 2620 HDAudBus - ok
10:27:40.0364 2620 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:27:40.0364 2620 HidBatt - ok
10:27:40.0395 2620 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:27:40.0395 2620 HidBth - ok
10:27:40.0427 2620 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:27:40.0427 2620 HidIr - ok
10:27:40.0458 2620 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
10:27:40.0473 2620 hidserv - ok
10:27:40.0520 2620 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:27:40.0520 2620 HidUsb - ok
10:27:40.0567 2620 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:27:40.0567 2620 hkmsvc - ok
10:27:40.0598 2620 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:27:40.0614 2620 HomeGroupListener - ok
10:27:40.0661 2620 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:27:40.0661 2620 HomeGroupProvider - ok
10:27:40.0692 2620 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:27:40.0707 2620 HpqKbFiltr - ok
10:27:40.0723 2620 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
10:27:40.0739 2620 hpqwmiex - ok
10:27:40.0801 2620 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:27:40.0801 2620 HpSAMD - ok
10:27:40.0848 2620 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:27:40.0863 2620 HTTP - ok
10:27:40.0910 2620 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:27:40.0910 2620 hwdatacard - ok
10:27:40.0957 2620 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:27:40.0957 2620 hwpolicy - ok
10:27:41.0004 2620 [ A259D3619AA23D4562581067F85E2006 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
10:27:41.0004 2620 hwusbdev - ok
10:27:41.0066 2620 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:27:41.0066 2620 i8042prt - ok
10:27:41.0129 2620 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:27:41.0129 2620 IAANTMON - ok
10:27:41.0175 2620 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:27:41.0175 2620 iaStor - ok
10:27:41.0207 2620 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:27:41.0207 2620 iaStorV - ok
10:27:41.0269 2620 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:27:41.0285 2620 idsvc - ok
10:27:41.0456 2620 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:27:41.0503 2620 igfx - ok
10:27:41.0612 2620 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:27:41.0612 2620 iirsp - ok
10:27:41.0675 2620 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
10:27:41.0690 2620 IKEEXT - ok
10:27:41.0721 2620 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
10:27:41.0721 2620 intelide - ok
10:27:41.0753 2620 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:27:41.0768 2620 intelppm - ok
10:27:41.0799 2620 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:27:41.0815 2620 IPBusEnum - ok
10:27:41.0846 2620 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:27:41.0846 2620 IpFilterDriver - ok
10:27:41.0909 2620 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:27:41.0924 2620 iphlpsvc - ok
10:27:41.0971 2620 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:27:41.0971 2620 IPMIDRV - ok
10:27:41.0987 2620 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:27:41.0987 2620 IPNAT - ok
10:27:42.0018 2620 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:27:42.0033 2620 IRENUM - ok
10:27:42.0049 2620 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:27:42.0065 2620 isapnp - ok
10:27:42.0080 2620 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:27:42.0080 2620 iScsiPrt - ok
10:27:42.0127 2620 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:27:42.0127 2620 kbdclass - ok
10:27:42.0158 2620 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:27:42.0174 2620 kbdhid - ok
10:27:42.0189 2620 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
10:27:42.0205 2620 KeyIso - ok
10:27:42.0252 2620 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:27:42.0252 2620 KSecDD - ok
10:27:42.0283 2620 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:27:42.0283 2620 KSecPkg - ok
10:27:42.0314 2620 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
10:27:42.0330 2620 KtmRm - ok
10:27:42.0377 2620 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
10:27:42.0392 2620 LanmanServer - ok
10:27:42.0408 2620 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:27:42.0423 2620 LanmanWorkstation - ok
10:27:42.0486 2620 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:27:42.0486 2620 lltdio - ok
10:27:42.0517 2620 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:27:42.0533 2620 lltdsvc - ok
10:27:42.0548 2620 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
10:27:42.0564 2620 lmhosts - ok
10:27:42.0611 2620 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:27:42.0611 2620 LSI_FC - ok
10:27:42.0642 2620 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:27:42.0642 2620 LSI_SAS - ok
10:27:42.0673 2620 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:27:42.0673 2620 LSI_SAS2 - ok
10:27:42.0689 2620 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:27:42.0704 2620 LSI_SCSI - ok
10:27:42.0735 2620 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
10:27:42.0735 2620 luafv - ok
10:27:42.0767 2620 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:27:42.0767 2620 MBAMProtector - ok
10:27:42.0845 2620 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:27:42.0860 2620 MBAMService - ok
10:27:42.0907 2620 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:27:42.0907 2620 Mcx2Svc - ok
10:27:42.0938 2620 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:27:42.0938 2620 megasas - ok
10:27:42.0985 2620 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:27:42.0985 2620 MegaSR - ok
10:27:43.0047 2620 Microsoft SharePoint Workspace Audit Service - ok
10:27:43.0079 2620 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
10:27:43.0094 2620 MMCSS - ok
10:27:43.0110 2620 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
10:27:43.0110 2620 Modem - ok
10:27:43.0141 2620 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:27:43.0157 2620 monitor - ok
10:27:43.0188 2620 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:27:43.0188 2620 mouclass - ok
10:27:43.0219 2620 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:27:43.0235 2620 mouhid - ok
10:27:43.0281 2620 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:27:43.0281 2620 mountmgr - ok
10:27:43.0328 2620 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
10:27:43.0328 2620 mpio - ok
10:27:43.0344 2620 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:27:43.0359 2620 mpsdrv - ok
10:27:43.0406 2620 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:27:43.0422 2620 MpsSvc - ok
10:27:43.0453 2620 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:27:43.0453 2620 MRxDAV - ok
10:27:43.0500 2620 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:43.0500 2620 mrxsmb - ok
10:27:43.0562 2620 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:43.0562 2620 mrxsmb10 - ok
10:27:43.0609 2620 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:43.0609 2620 mrxsmb20 - ok
10:27:43.0625 2620 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
10:27:43.0625 2620 msahci - ok
10:27:43.0656 2620 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:27:43.0656 2620 msdsm - ok
10:27:43.0687 2620 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
10:27:43.0703 2620 MSDTC - ok
10:27:43.0749 2620 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:27:43.0765 2620 Msfs - ok
10:27:43.0781 2620 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:27:43.0781 2620 mshidkmdf - ok
10:27:43.0812 2620 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:27:43.0812 2620 msisadrv - ok
10:27:43.0843 2620 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:27:43.0859 2620 MSiSCSI - ok
10:27:43.0874 2620 msiserver - ok
10:27:43.0905 2620 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:27:43.0905 2620 MSKSSRV - ok
10:27:43.0921 2620 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:43.0937 2620 MSPCLOCK - ok
10:27:43.0968 2620 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:27:43.0968 2620 MSPQM - ok
10:27:43.0999 2620 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:27:43.0999 2620 MsRPC - ok
10:27:44.0046 2620 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:27:44.0046 2620 mssmbios - ok
10:27:44.0077 2620 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:27:44.0077 2620 MSTEE - ok
10:27:44.0108 2620 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:27:44.0108 2620 MTConfig - ok
10:27:44.0124 2620 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
10:27:44.0124 2620 Mup - ok
10:27:44.0171 2620 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
10:27:44.0202 2620 napagent - ok
10:27:44.0264 2620 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:27:44.0280 2620 NativeWifiP - ok
10:27:44.0311 2620 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:27:44.0327 2620 NDIS - ok
10:27:44.0358 2620 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:44.0358 2620 NdisCap - ok
10:27:44.0389 2620 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:44.0389 2620 NdisTapi - ok
10:27:44.0451 2620 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:44.0451 2620 Ndisuio - ok
10:27:44.0498 2620 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:44.0498 2620 NdisWan - ok
10:27:44.0529 2620 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:27:44.0529 2620 NDProxy - ok
10:27:44.0576 2620 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:27:44.0576 2620 NetBIOS - ok
10:27:44.0607 2620 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:27:44.0607 2620 NetBT - ok
10:27:44.0639 2620 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
10:27:44.0639 2620 Netlogon - ok
10:27:44.0685 2620 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:27:44.0701 2620 Netman - ok
10:27:44.0732 2620 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:27:44.0748 2620 netprofm - ok
10:27:44.0779 2620 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:44.0779 2620 NetTcpPortSharing - ok
10:27:44.0795 2620 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:27:44.0810 2620 nfrd960 - ok
10:27:44.0857 2620 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:27:44.0857 2620 NlaSvc - ok
10:27:44.0919 2620 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
10:27:44.0919 2620 nmwcd - ok
10:27:44.0951 2620 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
10:27:44.0951 2620 nmwcdc - ok
10:27:44.0997 2620 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:27:44.0997 2620 Npfs - ok
10:27:45.0013 2620 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:27:45.0029 2620 nsi - ok
10:27:45.0044 2620 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:27:45.0044 2620 nsiproxy - ok
10:27:45.0122 2620 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:27:45.0138 2620 Ntfs - ok
10:27:45.0169 2620 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:27:45.0169 2620 Null - ok
10:27:45.0216 2620 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:27:45.0216 2620 nvraid - ok
10:27:45.0231 2620 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:27:45.0231 2620 nvstor - ok
10:27:45.0263 2620 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:27:45.0263 2620 nv_agp - ok
10:27:45.0309 2620 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:27:45.0309 2620 ohci1394 - ok
10:27:45.0387 2620 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:45.0387 2620 ose - ok
10:27:45.0575 2620 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:27:45.0621 2620 osppsvc - ok
10:27:45.0668 2620 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:27:45.0684 2620 p2pimsvc - ok
10:27:45.0731 2620 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:27:45.0746 2620 p2psvc - ok
10:27:45.0777 2620 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:27:45.0777 2620 Parport - ok
10:27:45.0824 2620 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:27:45.0840 2620 partmgr - ok
10:27:45.0855 2620 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:27:45.0855 2620 Parvdm - ok
10:27:45.0871 2620 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:27:45.0887 2620 PcaSvc - ok
10:27:45.0949 2620 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
10:27:45.0949 2620 pccsmcfd - ok
10:27:45.0980 2620 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
10:27:45.0996 2620 pci - ok
10:27:46.0027 2620 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
10:27:46.0027 2620 pciide - ok
10:27:46.0058 2620 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:27:46.0058 2620 pcmcia - ok
10:27:46.0089 2620 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:27:46.0089 2620 pcw - ok
10:27:46.0152 2620 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:27:46.0152 2620 PEAUTH - ok
10:27:46.0214 2620 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:27:46.0245 2620 PeerDistSvc - ok
10:27:46.0355 2620 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
10:27:46.0401 2620 pla - ok
10:27:46.0448 2620 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:27:46.0464 2620 PlugPlay - ok
10:27:46.0526 2620 [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:27:46.0526 2620 Pml Driver HPZ12 - ok
10:27:46.0573 2620 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:27:46.0589 2620 PNRPAutoReg - ok
10:27:46.0620 2620 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:27:46.0635 2620 PNRPsvc - ok
10:27:46.0682 2620 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:27:46.0682 2620 PolicyAgent - ok
10:27:46.0729 2620 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
10:27:46.0745 2620 Power - ok
10:27:46.0791 2620 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:27:46.0791 2620 PptpMiniport - ok
10:27:46.0807 2620 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:27:46.0823 2620 Processor - ok
10:27:46.0869 2620 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
10:27:46.0885 2620 ProfSvc - ok
10:27:46.0916 2620 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:27:46.0932 2620 ProtectedStorage - ok
10:27:46.0947 2620 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:27:46.0947 2620 Psched - ok
10:27:47.0010 2620 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:27:47.0025 2620 ql2300 - ok
10:27:47.0057 2620 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:27:47.0072 2620 ql40xx - ok
10:27:47.0103 2620 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:27:47.0119 2620 QWAVE - ok
10:27:47.0135 2620 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:27:47.0150 2620 QWAVEdrv - ok
10:27:47.0166 2620 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:27:47.0181 2620 RasAcd - ok
10:27:47.0213 2620 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:27:47.0213 2620 RasAgileVpn - ok
10:27:47.0244 2620 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:27:47.0259 2620 RasAuto - ok
10:27:47.0291 2620 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:27:47.0306 2620 Rasl2tp - ok
10:27:47.0353 2620 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
10:27:47.0384 2620 RasMan - ok
10:27:47.0400 2620 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:27:47.0415 2620 RasPppoe - ok
10:27:47.0431 2620 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:27:47.0447 2620 RasSstp - ok
10:27:47.0478 2620 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:27:47.0478 2620 rdbss - ok
10:27:47.0493 2620 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:27:47.0509 2620 rdpbus - ok
10:27:47.0540 2620 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:27:47.0540 2620 RDPCDD - ok
10:27:47.0571 2620 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:27:47.0587 2620 RDPDR - ok
10:27:47.0618 2620 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:27:47.0634 2620 RDPENCDD - ok
10:27:47.0665 2620 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:27:47.0665 2620 RDPREFMP - ok
10:27:47.0743 2620 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:27:47.0743 2620 RdpVideoMiniport - ok
10:27:47.0790 2620 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:27:47.0790 2620 RDPWD - ok
10:27:47.0837 2620 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:27:47.0852 2620 rdyboost - ok
10:27:47.0868 2620 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:27:47.0883 2620 RemoteAccess - ok
10:27:47.0915 2620 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:27:47.0930 2620 RemoteRegistry - ok
10:27:47.0961 2620 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
10:27:47.0977 2620 RimUsb - ok
10:27:47.0993 2620 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:27:48.0008 2620 RpcEptMapper - ok
10:27:48.0039 2620 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:27:48.0055 2620 RpcLocator - ok
10:27:48.0071 2620 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
10:27:48.0086 2620 RpcSs - ok
10:27:48.0133 2620 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:27:48.0133 2620 rspndr - ok
10:27:48.0180 2620 [ 867BEB23207BA425C85293BB0D3EA971 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
10:27:48.0180 2620 RSUSBSTOR - ok
10:27:48.0227 2620 [ C5A68C5EC01FD6F03396DD154B48DB56 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
10:27:48.0227 2620 RTL8167 - ok
10:27:48.0273 2620 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:27:48.0273 2620 s3cap - ok
10:27:48.0305 2620 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
10:27:48.0320 2620 SamSs - ok
10:27:48.0351 2620 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:27:48.0351 2620 sbp2port - ok
10:27:48.0383 2620 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:27:48.0383 2620 SCardSvr - ok
10:27:48.0445 2620 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:27:48.0445 2620 scfilter - ok
10:27:48.0507 2620 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
10:27:48.0539 2620 Schedule - ok
10:27:48.0554 2620 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:27:48.0570 2620 SCPolicySvc - ok
10:27:48.0617 2620 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:27:48.0632 2620 SDRSVC - ok
10:27:48.0679 2620 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:27:48.0679 2620 secdrv - ok
10:27:48.0710 2620 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:27:48.0726 2620 seclogon - ok
10:27:48.0757 2620 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
10:27:48.0773 2620 SENS - ok
10:27:48.0819 2620 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:27:48.0819 2620 SensrSvc - ok
10:27:48.0851 2620 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:27:48.0851 2620 Serenum - ok
10:27:48.0882 2620 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:27:48.0882 2620 Serial - ok
10:27:48.0929 2620 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:27:48.0929 2620 sermouse - ok
10:27:49.0038 2620 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
10:27:49.0053 2620 ServiceLayer - ok
10:27:49.0116 2620 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
10:27:49.0131 2620 SessionEnv - ok
10:27:49.0178 2620 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:27:49.0178 2620 sffdisk - ok
10:27:49.0194 2620 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:27:49.0194 2620 sffp_mmc - ok
10:27:49.0225 2620 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:27:49.0241 2620 sffp_sd - ok
10:27:49.0272 2620 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:27:49.0272 2620 sfloppy - ok
10:27:49.0334 2620 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:27:49.0334 2620 SharedAccess - ok
10:27:49.0365 2620 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:27:49.0381 2620 ShellHWDetection - ok
10:27:49.0412 2620 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:27:49.0412 2620 sisagp - ok
10:27:49.0443 2620 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:27:49.0443 2620 SiSRaid2 - ok
10:27:49.0490 2620 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:27:49.0490 2620 SiSRaid4 - ok
10:27:49.0568 2620 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:27:49.0584 2620 SkypeUpdate - ok
10:27:49.0599 2620 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:27:49.0615 2620 Smb - ok
10:27:49.0677 2620 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:27:49.0693 2620 SNMPTRAP - ok
10:27:49.0740 2620 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:27:49.0740 2620 spldr - ok
10:27:49.0802 2620 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
10:27:49.0818 2620 Spooler - ok
10:27:49.0927 2620 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
10:27:49.0989 2620 sppsvc - ok
10:27:50.0099 2620 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:27:50.0114 2620 sppuinotify - ok
10:27:50.0177 2620 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:27:50.0177 2620 srv - ok
10:27:50.0223 2620 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:27:50.0223 2620 srv2 - ok
10:27:50.0255 2620 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:27:50.0255 2620 srvnet - ok
10:27:50.0301 2620 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:27:50.0317 2620 SSDPSRV - ok
10:27:50.0348 2620 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:27:50.0364 2620 SstpSvc - ok
10:27:50.0442 2620 [ 5B5A126FBF81E79DC1BC0B36428C9B08 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
10:27:50.0442 2620 STacSV - ok
10:27:50.0473 2620 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:27:50.0473 2620 stexstor - ok
10:27:50.0520 2620 [ 90ED54378E10700E5B7B61A800C18C8B ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
10:27:50.0535 2620 STHDA - ok
10:27:50.0598 2620 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
10:27:50.0613 2620 StiSvc - ok
10:27:50.0660 2620 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:27:50.0676 2620 storflt - ok
10:27:50.0691 2620 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:27:50.0707 2620 storvsc - ok
10:27:50.0738 2620 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
10:27:50.0738 2620 swenum - ok
10:27:50.0785 2620 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:27:50.0801 2620 swprv - ok
10:27:50.0863 2620 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:27:50.0863 2620 SynTP - ok
10:27:50.0941 2620 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
10:27:50.0957 2620 SysMain - ok
10:27:51.0003 2620 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:27:51.0019 2620 TabletInputService - ok
10:27:51.0081 2620 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
10:27:51.0097 2620 TapiSrv - ok
10:27:51.0128 2620 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:27:51.0144 2620 TBS - ok
10:27:51.0206 2620 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:27:51.0222 2620 Tcpip - ok
10:27:51.0269 2620 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:27:51.0300 2620 TCPIP6 - ok
10:27:51.0347 2620 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:27:51.0347 2620 tcpipreg - ok
10:27:51.0409 2620 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:27:51.0409 2620 TDPIPE - ok
10:27:51.0471 2620 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:27:51.0471 2620 TDTCP - ok
10:27:51.0518 2620 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:27:51.0534 2620 tdx - ok
10:27:51.0549 2620 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:27:51.0565 2620 TermDD - ok
10:27:51.0627 2620 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
10:27:51.0643 2620 TermService - ok
10:27:51.0674 2620 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:27:51.0690 2620 Themes - ok
10:27:51.0705 2620 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:27:51.0721 2620 THREADORDER - ok
10:27:51.0768 2620 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:27:51.0783 2620 TrkWks - ok
10:27:51.0830 2620 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:27:51.0846 2620 TrustedInstaller - ok
10:27:51.0893 2620 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:27:51.0893 2620 tssecsrv - ok
10:27:51.0939 2620 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:27:51.0939 2620 TsUsbFlt - ok
10:27:51.0986 2620 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:27:51.0986 2620 tunnel - ok
10:27:52.0017 2620 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:27:52.0017 2620 uagp35 - ok
10:27:52.0049 2620 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:27:52.0049 2620 udfs - ok
10:27:52.0111 2620 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:27:52.0127 2620 UI0Detect - ok
10:27:52.0173 2620 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:27:52.0173 2620 uliagpkx - ok
10:27:52.0236 2620 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:27:52.0236 2620 umbus - ok
10:27:52.0267 2620 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:27:52.0267 2620 UmPass - ok
10:27:52.0314 2620 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
10:27:52.0329 2620 UmRdpService - ok
10:27:52.0361 2620 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
10:27:52.0376 2620 upnphost - ok
10:27:52.0439 2620 [ 78B74AF8727A28C128E164E9B53A5413 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:27:52.0439 2620 upperdev - ok
10:27:52.0454 2620 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:27:52.0454 2620 usbccgp - ok
10:27:52.0501 2620 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:27:52.0501 2620 usbcir - ok
10:27:52.0532 2620 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:27:52.0532 2620 usbehci - ok
10:27:52.0595 2620 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:27:52.0595 2620 usbhub - ok
10:27:52.0626 2620 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:27:52.0626 2620 usbohci - ok
10:27:52.0673 2620 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:27:52.0673 2620 usbprint - ok
10:27:52.0735 2620 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:27:52.0735 2620 UsbserFilt - ok
10:27:52.0766 2620 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:27:52.0766 2620 USBSTOR - ok
10:27:52.0797 2620 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:27:52.0797 2620 usbuhci - ok
10:27:52.0860 2620 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:27:52.0860 2620 usbvideo - ok
10:27:52.0891 2620 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
10:27:52.0907 2620 UxSms - ok
10:27:52.0938 2620 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
10:27:52.0953 2620 VaultSvc - ok
10:27:52.0985 2620 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
10:27:53.0000 2620 VClone - ok
10:27:53.0016 2620 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:27:53.0031 2620 vdrvroot - ok
10:27:53.0078 2620 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
10:27:53.0094 2620 vds - ok
10:27:53.0141 2620 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:27:53.0141 2620 vga - ok
10:27:53.0172 2620 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:27:53.0172 2620 VgaSave - ok
10:27:53.0219 2620 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:27:53.0234 2620 vhdmp - ok
10:27:53.0250 2620 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:27:53.0250 2620 viaagp - ok
10:27:53.0281 2620 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:27:53.0281 2620 ViaC7 - ok
10:27:53.0312 2620 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
10:27:53.0312 2620 viaide - ok
10:27:53.0359 2620 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:27:53.0375 2620 vmbus - ok
10:27:53.0406 2620 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:27:53.0406 2620 VMBusHID - ok
10:27:53.0437 2620 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:27:53.0437 2620 volmgr - ok
10:27:53.0468 2620 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:27:53.0484 2620 volmgrx - ok
10:27:53.0515 2620 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:27:53.0515 2620 volsnap - ok
10:27:53.0577 2620 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:27:53.0577 2620 vsmraid - ok
10:27:53.0640 2620 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
10:27:53.0655 2620 VSS - ok
10:27:53.0687 2620 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:27:53.0687 2620 vwifibus - ok
10:27:53.0718 2620 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:27:53.0733 2620 vwififlt - ok
10:27:53.0749 2620 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:27:53.0749 2620 vwifimp - ok
10:27:53.0796 2620 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
10:27:53.0827 2620 W32Time - ok
10:27:53.0874 2620 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:27:53.0874 2620 WacomPen - ok
10:27:53.0905 2620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:27:53.0921 2620 WANARP - ok
10:27:53.0936 2620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:27:53.0936 2620 Wanarpv6 - ok
10:27:53.0999 2620 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
10:27:54.0045 2620 wbengine - ok
10:27:54.0061 2620 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:27:54.0077 2620 WbioSrvc - ok
10:27:54.0123 2620 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:27:54.0139 2620 wcncsvc - ok
10:27:54.0170 2620 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:27:54.0186 2620 WcsPlugInService - ok
10:27:54.0217 2620 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:27:54.0233 2620 Wd - ok
10:27:54.0264 2620 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:27:54.0279 2620 Wdf01000 - ok
10:27:54.0326 2620 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:27:54.0342 2620 WdiServiceHost - ok
10:27:54.0342 2620 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:27:54.0373 2620 WdiSystemHost - ok
10:27:54.0404 2620 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
10:27:54.0420 2620 WebClient - ok
10:27:54.0451 2620 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:27:54.0467 2620 Wecsvc - ok
10:27:54.0498 2620 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:27:54.0513 2620 wercplsupport - ok
10:27:54.0545 2620 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
10:27:54.0560 2620 WerSvc - ok
10:27:54.0591 2620 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:27:54.0591 2620 WfpLwf - ok
10:27:54.0623 2620 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:27:54.0623 2620 WIMMount - ok
10:27:54.0701 2620 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:27:54.0701 2620 WinDefend - ok
10:27:54.0732 2620 WinHttpAutoProxySvc - ok
10:27:54.0794 2620 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:27:54.0810 2620 Winmgmt - ok
10:27:54.0888 2620 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
10:27:54.0919 2620 WinRM - ok
10:27:54.0997 2620 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:27:54.0997 2620 WinUsb - ok
10:27:55.0059 2620 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:27:55.0091 2620 Wlansvc - ok
10:27:55.0137 2620 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:27:55.0137 2620 WmiAcpi - ok
10:27:55.0184 2620 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:27:55.0184 2620 wmiApSrv - ok
10:27:55.0278 2620 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:27:55.0293 2620 WMPNetworkSvc - ok
10:27:55.0340 2620 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:27:55.0356 2620 WPCSvc - ok
10:27:55.0387 2620 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:27:55.0418 2620 WPDBusEnum - ok
10:27:55.0449 2620 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:27:55.0449 2620 ws2ifsl - ok
10:27:55.0481 2620 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
10:27:55.0512 2620 wscsvc - ok
10:27:55.0559 2620 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:27:55.0559 2620 WSDPrintDevice - ok
10:27:55.0574 2620 WSearch - ok
10:27:55.0683 2620 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:27:55.0730 2620 wuauserv - ok
10:27:55.0761 2620 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:27:55.0761 2620 WudfPf - ok
10:27:55.0824 2620 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:27:55.0824 2620 WUDFRd - ok
10:27:55.0871 2620 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:27:55.0886 2620 wudfsvc - ok
10:27:55.0917 2620 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:27:55.0949 2620 WwanSvc - ok
10:27:56.0011 2620 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:27:56.0027 2620 YahooAUService - ok
10:27:56.0136 2620 ================ Scan global ===============================
10:27:56.0167 2620 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:27:56.0214 2620 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:27:56.0245 2620 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:27:56.0292 2620 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:27:56.0339 2620 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:27:56.0354 2620 [Global] - ok
10:27:56.0354 2620 ================ Scan MBR ==================================
10:27:56.0370 2620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:27:56.0526 2620 \Device\Harddisk0\DR0 - ok
10:27:56.0526 2620 ================ Scan VBR ==================================
10:27:56.0541 2620 [ A638DF552D3684EA2468655DF8D0ADB3 ] \Device\Harddisk0\DR0\Partition1
10:27:56.0541 2620 \Device\Harddisk0\DR0\Partition1 - ok
10:27:56.0573 2620 [ E9EB0A106AFFA9F7F25C0380AFDAC424 ] \Device\Harddisk0\DR0\Partition2
10:27:56.0573 2620 \Device\Harddisk0\DR0\Partition2 - ok
10:27:56.0573 2620 ============================================================
10:27:56.0573 2620 Scan finished
10:27:56.0573 2620 ============================================================
10:27:56.0604 3656 Detected object count: 0
10:27:56.0604 3656 Actual detected object count: 0
10:28:15.0355 3892 Deinitialize success

t'john · 27.08.2012, 18:00

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Ambanja · 28.08.2012, 10:56

ich bekomm keine Log-Datei ... hab´s jetzt mehrfach probiert und genau so zelebriert, wie du es geschrieben hast.
Hab nur einen Internetstick,welcher angeschlossen ist, mehr habe ich nicht zum Anschließen. Kanns daran liegen ?

Ambanja · 28.08.2012, 18:35

so, jetzt hab ich den Log

t'john · 29.08.2012, 01:33

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ambanja · 29.08.2012, 09:18

hier der OTL-Log:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.08.2012 09:36:51 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Ambanja\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,83% Memory free
3,98 Gb Paging File | 3,01 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 11,14 Gb Free Space | 28,52% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 105,83 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
Drive E: | 23,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: AMBANJA-PC | User Name: Ambanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ambanja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Ambanja\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c9a38bd-957a-4121-a8e5-7abf896e7522&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..network.proxy.type: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.27 22:35:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.06.05 12:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ambanja\AppData\Roaming\mozilla\Extensions
[2010.07.16 12:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ambanja\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.26 17:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ambanja\AppData\Roaming\mozilla\Firefox\Profiles\7qco1c3x.default\extensions
[2012.08.26 17:26:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ambanja\AppData\Roaming\mozilla\Firefox\Profiles\7qco1c3x.default\extensions\ffxtlbr@babylon.com
[2011.06.22 19:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.22 13:28:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2012.08.25 18:32:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-449055795-2211351837-1604622298-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-449055795-2211351837-1604622298-1000..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-449055795-2211351837-1604622298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F89CE33-D14A-44A1-84B2-0DA6D2316FAA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6469EF01-9E5A-4942-854B-B1574DBE0B9A}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{792B6CE7-DFAF-4DDC-8F1C-41B753407528}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{945C9973-AFEB-4C79-B030-E562DAB90DAF}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFD80AFC-F16E-45BD-A36C-406B4EA0F102}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAADB3A1-7FFD-49D0-810D-8F4A4FA81B0E}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.28 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.03 20:35:30 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.29 09:31:20 | 052,431,024 | ---- | C] (Rovio) -- C:\Users\Ambanja\Desktop\AngryBirdsRioInstaller_1.4.4.exe
[2012.08.27 21:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.26 17:48:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.26 17:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.26 17:25:35 | 000,000,000 | ---D | C] -- C:\Users\Ambanja\AppData\Roaming\Babylon
[2012.08.26 16:27:55 | 001,178,624 | ---- | C] (CPUID) -- C:\Users\Ambanja\AppData\Roaming\siw_sdk.dll
[2012.08.26 16:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ambanja\AppData\Roaming\OpenCandy
[2012.08.26 14:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.26 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.26 12:22:43 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ambanja\Desktop\TDSSKiller.exe
[2012.08.25 18:37:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.25 18:30:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.25 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\Ambanja\AppData\Local\temp
[2012.08.25 18:05:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.25 14:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.08.25 09:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.08.25 09:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.08.25 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ambanja\Documents\Anti-Malware
[2012.08.24 18:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.24 08:35:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ambanja\Desktop\OTL.exe
[2012.08.23 21:46:38 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.08.23 21:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.08.23 21:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.08.23 19:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.23 19:17:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.23 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.15 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\Ambanja\AppData\Roaming\Malwarebytes
[2012.08.15 15:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.29 09:31:07 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.29 09:31:07 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.29 09:31:07 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.29 09:31:07 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.29 09:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 09:30:46 | 000,013,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 09:30:46 | 000,013,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 09:25:41 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.29 09:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 09:24:50 | 1601,327,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 21:56:48 | 052,431,024 | ---- | M] (Rovio) -- C:\Users\Ambanja\Desktop\AngryBirdsRioInstaller_1.4.4.exe
[2012.08.28 14:43:43 | 000,001,270 | ---- | M] () -- C:\Users\Ambanja\Desktop\ESET Online Scanner - Verknüpfung.lnk
[2012.08.26 17:26:43 | 000,000,317 | ---- | M] () -- C:\user.js
[2012.08.26 16:27:55 | 001,178,624 | ---- | M] (CPUID) -- C:\Users\Ambanja\AppData\Roaming\siw_sdk.dll
[2012.08.26 11:01:28 | 000,001,045 | ---- | M] () -- C:\Users\Ambanja\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 18:32:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.08.25 09:53:02 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.24 19:01:13 | 000,618,227 | ---- | M] () -- C:\Users\Ambanja\Desktop\adwcleaner.exe
[2012.08.24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ambanja\Desktop\TDSSKiller.exe
[2012.08.24 08:36:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ambanja\Desktop\OTL.exe
[2012.08.24 01:51:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 14:05:52 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.28 14:43:43 | 000,001,270 | ---- | C] () -- C:\Users\Ambanja\Desktop\ESET Online Scanner - Verknüpfung.lnk
[2012.08.26 17:26:40 | 000,000,317 | ---- | C] () -- C:\user.js
[2012.08.26 11:01:28 | 000,001,045 | ---- | C] () -- C:\Users\Ambanja\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 09:53:02 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.08.24 19:01:09 | 000,618,227 | ---- | C] () -- C:\Users\Ambanja\Desktop\adwcleaner.exe
[2012.08.24 18:23:09 | 000,013,040 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 18:23:09 | 000,013,040 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 18:23:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.06.30 11:36:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.07 14:52:51 | 000,000,692 | ---- | C] () -- C:\Windows\wiso.ini
[2012.05.03 13:51:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.02 16:12:37 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.02 16:04:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.05 22:45:49 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2010.12.27 14:54:12 | 000,012,288 | ---- | C] () -- C:\Users\Ambanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.08 23:24:42 | 000,000,034 | ---- | C] () -- C:\Users\Ambanja\AppData\Roaming\Spin Chat Preferences
[2010.09.21 10:02:59 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.07.19 01:14:25 | 000,007,619 | ---- | C] () -- C:\Users\Ambanja\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2012.06.27 22:19:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2011.11.30 01:14:43 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Amazon
[2012.08.26 17:25:35 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Babylon
[2012.08.26 18:39:12 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\BOM
[2012.05.07 14:56:43 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Buhl Data Service
[2011.02.01 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\DVDFab
[2012.04.16 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\DVDVideoSoft
[2011.02.27 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\FileZilla
[2010.12.11 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Foxit Software
[2011.02.18 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\IrfanView
[2012.06.11 07:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Nokia
[2012.06.11 07:50:40 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Nokia Suite
[2012.08.26 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\OpenCandy
[2012.06.07 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\PC Suite
[2012.06.07 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Samsung
[2010.07.16 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Thunderbird
[2012.07.18 18:25:23 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.17 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Adobe
[2011.11.30 01:14:43 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Amazon
[2011.06.22 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\ArcSoft
[2012.08.26 17:25:35 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Babylon
[2012.08.26 18:39:12 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\BOM
[2012.05.07 14:56:43 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Buhl Data Service
[2012.06.07 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\dvdcss
[2011.02.01 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\DVDFab
[2012.04.16 00:38:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\DVDVideoSoft
[2011.02.27 17:55:29 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\FileZilla
[2010.12.11 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Foxit Software
[2010.07.16 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\hpqLog
[2010.07.16 10:01:05 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Identities
[2012.05.07 14:50:07 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\InstallShield Installation Information
[2011.02.18 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\IrfanView
[2010.07.17 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Macromedia
[2012.08.15 15:48:44 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Media Center Programs
[2012.08.26 18:15:25 | 000,000,000 | --SD | M] -- C:\Users\Ambanja\AppData\Roaming\Microsoft
[2011.05.27 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Mozilla
[2011.12.07 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\NCH Software
[2012.06.11 07:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Nokia
[2012.06.11 07:50:40 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Nokia Suite
[2012.08.26 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\OpenCandy
[2012.06.07 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\PC Suite
[2012.06.07 00:12:58 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Samsung
[2012.07.05 11:47:10 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Skype
[2010.07.16 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Thunderbird
[2012.08.17 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\vlc
[2012.05.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\WinRAR
[2012.01.06 13:58:56 | 000,000,000 | ---D | M] -- C:\Users\Ambanja\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.11.04 14:44:10 | 000,807,472 | ---- | M] () -- C:\Users\Ambanja\AppData\Roaming\InstallShield Installation Information\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}\setup.exe
[2007.08.29 16:36:20 | 000,110,592 | ---- | M] () -- C:\Users\Ambanja\AppData\Roaming\NCH Software\Components\aacenc\aacenc.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Ambanja\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.08.24 19:11:30 | 008,876,616 | ---- | M] () -- C:\Users\Ambanja\AppData\Roaming\OpenCandy\9477626420B84DAE967ABEDDB7C0D1B0\SnapDo.exe
[2012.08.26 16:30:24 | 007,573,872 | ---- | M] () -- C:\Users\Ambanja\AppData\Roaming\OpenCandy\9477626420B84DAE967ABEDDB7C0D1B0\SnapDo_ALL_p1v2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\agp440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2009.09.11 21:29:36 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\Windows.old\Windows\NLDRV\002\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows.old\Windows\system32\drivers\iaStor.sys
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows.old\Windows\system32\DRVSTORE\iaAHCI_1FA7BA1632AD920B19D820D8479859661DEDD67C\iaStor.sys
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys
[2009.09.11 21:29:11 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\NLDRV\001\iastor.sys
[2009.09.11 21:29:11 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\system32\ReinstallBackups\0001\DriverFiles\iaStor.sys
[2009.10.13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\ServicePackFiles\i386\netlogon.dll
[2009.09.11 20:57:54 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=98731276ECE6966F4DA540FAB9512F6F -- C:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\Windows.old\Windows\SoftwareDistribution\Download\dd88021d2f59f41ff3b503fc5f5a4ec9\SP2QFE\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\system32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\system32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\system32\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.07.12 12:59:55 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=413F6D9D4326E02541CD4988A52247E7 -- C:\Windows.old\Windows\system32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 17:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.09.02 14:23:31 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.09.02 14:23:31 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012.07.12 22:47:08 | 000,000,174 | -HS- | M] () -- C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
<           >

< End of report >

--- --- ---

t'john · 29.08.2012, 19:55

Lasse SUPERAntiSpyware laufen: http://www.trojaner-board.de/51871-a...tispyware.html

Ambanja · 30.08.2012, 04:20

Hi,

hab jetzt alles gemacht, allerdings konnte ich bei Teil 2 der Anleitung die Einstellungen mit dieser Scankontrolle nicht machen,da es garnicht erschienen ist,um es einzustellen.

Hier mal der entstandene Log:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/30/2012 at 00:08 AM

Application Version : 5.5.1012

Core Rules Database Version : 9146
Trace Rules Database Version: 6958

Scan type       : Complete Scan
Total Scan Time : 01:48:33

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 713
Memory threats detected   : 0
Registry items scanned    : 35010
Registry threats detected : 0
File items scanned        : 46648
File threats detected     : 70

Adware.Tracking Cookie
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\OWILFXKL.txt [ /liveperson.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\9YY3HTKK.txt [ /doubleclick.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\LK6CP9E3.txt [ /tradedoubler.com ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\9RBWYNHR.txt [ /eas.apm.emediate.eu ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\RTKDPFU4.txt [ /ad.adc-serv.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\KA6WU0E6.txt [ /server.iad.liveperson.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\BYQ7C9QC.txt [ /invitemedia.com ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\QF925CLA.txt [ /apmebf.com ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\8J6HOZ1V.txt [ /revsci.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\9Z67SA9C.txt [ /liveperson.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\HM2N0FMF.txt [ /atdmt.com ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\ODJI27TF.txt [ /track.adform.net ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\FN64NJ74.txt [ /adtech.de ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\0N388X5E.txt [ /tracking.mlsat02.de ]
	C:\Users\Ambanja\AppData\Roaming\Microsoft\Windows\Cookies\8SUTLHYA.txt [ /adform.net ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4AJ98G2T.txt [ Cookie:ambanja@tradedoubler.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\IYIJMZ1X.txt [ Cookie:ambanja@ero-advertising.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3RZ4GAR9.txt [ Cookie:ambanja@www.porntube.com/videos/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OXULYXJS.txt [ Cookie:ambanja@ixxx.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9JIMFIVW.txt [ Cookie:ambanja@www.zanox-affiliate.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I60UV327.txt [ Cookie:ambanja@go.trafficshop.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\52GMQVBU.txt [ Cookie:ambanja@adultfriendfinder.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\X27B534A.txt [ Cookie:ambanja@service.clicksvenue.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CY0IWF0T.txt [ Cookie:ambanja@traffictrack.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CHP5ZDBM.txt [ Cookie:ambanja@www.porntube.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\61IH7PDR.txt [ Cookie:ambanja@paypal.112.2o7.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1D2N2R1S.txt [ Cookie:ambanja@adxpansion.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PLA34K1L.txt [ Cookie:ambanja@adformdsp.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D9ZZ72EM.txt [ Cookie:ambanja@www.porntube.com/xml/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GAU985Z.txt [ Cookie:ambanja@ads.pornerbros.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WYV8JVZM.txt [ Cookie:ambanja@ads2.zeusclicks.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EK8HXMNB.txt [ Cookie:ambanja@apmebf.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETSMVZ4D.txt [ Cookie:ambanja@www.bravotube.net/videos/sexy-blond-sucks-and-gets-a-huge-cock-in-her-pussy/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I7L5PW10.txt [ Cookie:ambanja@www.bravotube.net/videos/sexy-angel-dark-is-oiled-up-as-she-gets-her-tight-pussy-widened/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6EZF6D6J.txt [ Cookie:ambanja@atdmt.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JTOCL2XB.txt [ Cookie:ambanja@exoclick.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2R55OX0L.txt [ Cookie:ambanja@www.googleadservices.com/pagead/conversion/1006163305/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EBOCWO3B.txt [ Cookie:ambanja@track.adform.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UY81H80.txt [ Cookie:ambanja@sexad.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJDQ6ZZB.txt [ Cookie:ambanja@pornofilmpjes.nl/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UN79SNVO.txt [ Cookie:ambanja@e-2dj6wmmigjcpocp.stats.esomniture.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6D4V2B3G.txt [ Cookie:ambanja@nextag.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\12SBAWME.txt [ Cookie:ambanja@count.asnetworks.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MWSUPIHA.txt [ Cookie:ambanja@www.pornerbros.com/141819/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOME683B.txt [ Cookie:ambanja@c1.atdmt.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RF5WD00K.txt [ Cookie:ambanja@adtech.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHQUGQ23.txt [ Cookie:ambanja@server.adformdsp.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9JGM3IW.txt [ Cookie:ambanja@pornerbros.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DTCJ0ZVU.txt [ Cookie:ambanja@stats.paypal.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0B71GMDS.txt [ Cookie:ambanja@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MZ9I96RZ.txt [ Cookie:ambanja@adform.net/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\E76ER3VZ.txt [ Cookie:ambanja@ads7.orbitads.net/gif/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I0PRF7XE.txt [ Cookie:ambanja@shinystat.com/cgi-bin/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VWMK2V0J.txt [ Cookie:ambanja@www.pornerbros.com/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4SKB3TWT.txt [ Cookie:ambanja@www.usenext.de/ ]
	C:\USERS\AMBANJA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBRVVH32.txt [ Cookie:ambanja@syndication.traffichaus.com/ ]
	C:\USERS\AMBANJA\Cookies\LK6CP9E3.txt [ Cookie:ambanja@tradedoubler.com/ ]
	C:\USERS\AMBANJA\Cookies\9RBWYNHR.txt [ Cookie:ambanja@eas.apm.emediate.eu/ ]
	C:\USERS\AMBANJA\Cookies\KA6WU0E6.txt [ Cookie:ambanja@server.iad.liveperson.net/ ]
	C:\USERS\AMBANJA\Cookies\QF925CLA.txt [ Cookie:ambanja@apmebf.com/ ]
	C:\USERS\AMBANJA\Cookies\8J6HOZ1V.txt [ Cookie:ambanja@revsci.net/ ]
	C:\USERS\AMBANJA\Cookies\9Z67SA9C.txt [ Cookie:ambanja@liveperson.net/hc/79250072 ]
	C:\USERS\AMBANJA\Cookies\HM2N0FMF.txt [ Cookie:ambanja@atdmt.com/ ]
	C:\USERS\AMBANJA\Cookies\ODJI27TF.txt [ Cookie:ambanja@track.adform.net/ ]
	C:\USERS\AMBANJA\Cookies\FN64NJ74.txt [ Cookie:ambanja@adtech.de/ ]
	C:\USERS\AMBANJA\Cookies\0N388X5E.txt [ Cookie:ambanja@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\AMBANJA\Cookies\8SUTLHYA.txt [ Cookie:ambanja@adform.net/ ]
	cdn5.specificclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EWTWN523 ]
	delivery.ibanner.de [ C:\USERS\AMBANJA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U5F835CL ]
	www.porntube.com [ C:\USERS\AMBANJA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U5F835CL ]

t'john · 30.08.2012, 18:56

Kontrollscan:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Ambanja · 30.08.2012, 23:49

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ambanja :: AMBANJA-PC [Administrator]

Schutz: Aktiviert

30.08.2012 22:30:03
mbam-log-2012-08-30 (22-30-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331904
Laufzeit: 1 Stunde(n), 37 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

t'john · 31.08.2012, 16:48

Sehr gut!

damit bist entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

Ambanja · 31.08.2012, 20:10

alles erledigt

DANKE dir, für deine Bemühungen !

29.08.2012, 19:55	#23
t'john /// Helfer-Team	Trojaner eingefangen - Sirefef-A/Sirefef-AHF/BitCoinMiner-U/Malware-gen Lasse SUPERAntiSpyware laufen: http://www.trojaner-board.de/51871-a...tispyware.html __________________ Mfg, t'john Das TB unterstützen

Trojaner eingefangen - Sirefef-A/Sirefef-AHF/BitCoinMiner-U/Malware-gen

Log-Analyse und Auswertung: Trojaner eingefangen - Sirefef-A/Sirefef-AHF/BitCoinMiner-U/Malware-gen