
Pests of All Kinds and How to Combat Them: Mystart.Incredibar


05.10.2012, 15:12   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scan All Users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

05.10.2012, 16:01   #17
wbx32
 



Here is the OTL log:

Code:
OTL logfile created on: 05.10.2012 16:23:39 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\XXX\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,17% Memory free
5,99 Gb Paging File | 4,63 Gb Available in Paging File | 77,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 218,72 Gb Free Space | 73,37% Space Free | Partition Type: NTFS
 
Computer Name: XX-PC | User Name: XX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.05 16:21:06 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\X\Downloads\OTL.exe
PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.09.24 14:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.09.22 00:17:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.08.24 16:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.04 22:03:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.17 16:50:39 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.05.05 23:58:42 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.03.07 04:03:33 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.11.01 01:56:36 | 007,522,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.05.31 21:04:29 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.03.29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.08.31 13:41:50 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.07 19:53:02 | 000,028,160 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1B 6B A4 B9 6C CD 01  [binary data]
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\X\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.30 11:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.23 17:47:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 22:55:03 | 000,000,000 | ---D | M]
 
[2012.03.07 01:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XX\AppData\Roaming\mozilla\Extensions
[2012.09.23 14:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\2y409ch6.default\extensions
[2012.09.15 02:15:05 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\XX\AppData\Roaming\mozilla\Firefox\Profiles\2y409ch6.default\extensions\ich@maltegoetz.de
[2012.09.23 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.30 11:27:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.26 00:53:27 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Driver Genius]  File not found
O4 - HKLM..\Run: [LicenseProxy] C:\Program Files\LicenseProxy\LicenseProxy.exe (MAFIA)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [Facebook Update] C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MotDViewer.lnk = C:\Windows\System32\javaw.exe (Oracle Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C0C8D5-43E6-4EDF-993E-ED519239BE7B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE729427-0B76-434D-B75A-5F73642A811A}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell - "" = AutoRun
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell\AutoRun\command - "" = E:\CDLaunch\shelexec.exe \SP1INST.HTM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PowerDVD12Agent - hkey= - key= -  File not found
MsConfig - StartUpReg: PowerDVD12DMREngine - hkey= - key= -  File not found
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Secunia PSI
[2012.10.04 22:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.10.03 12:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.30 23:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 23:41:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.30 02:45:22 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2012.09.30 02:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.29 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\KW
[2012.09.24 19:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.09.24 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.09.24 17:28:58 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\My Games
[2012.09.24 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.09.24 15:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2012.09.22 00:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.22 00:14:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.16 11:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.16 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.16 11:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.16 11:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWebcamera
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWebcamera
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\drahtwerk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 16:20:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237396834-4016416428-3805799152-1001UA.job
[2012.10.05 16:19:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.05 16:15:39 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 16:15:39 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 16:06:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.05 16:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 16:06:13 | 2411,880,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.05 15:58:01 | 000,453,464 | ---- | M] () -- C:\Users\XXX\Desktop\Bluescreenviewer.jpg
[2012.10.04 23:07:38 | 003,156,294 | ---- | M] () -- C:\Users\Desktop\Mac Miller Missed calls.mp3
[2012.10.04 22:51:16 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.10.04 22:22:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012.10.04 19:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237396834-4016416428-3805799152-1001Core.job
[2012.10.04 17:50:40 | 300,777,515 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.04 17:39:56 | 002,113,208 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_1856.JPG
[2012.10.03 10:41:33 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.03 10:41:33 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.03 10:41:33 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.03 10:41:33 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.30 23:41:37 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 02:36:30 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.27 02:33:39 | 001,302,541 | ---- | M] () -- C:\Users\XX\Desktop\FB1_ab2011.pdf
[2012.09.27 01:53:09 | 001,257,459 | ---- | M] () -- C:\Users\XX\Desktop\FB3_ab2011.pdf
[2012.09.27 01:39:12 | 001,025,602 | ---- | M] () -- C:\Users\XXX\Desktop\Anl1_zu_FB1_ab2011.pdf
[2012.09.25 20:07:09 | 000,001,915 | ---- | M] () -- C:\Users\XXX\Desktop\Borderlands2 - Verknüpfung.lnk
[2012.09.25 19:58:09 | 000,096,712 | ---- | M] () -- C:\Users\XXX\Desktop\0f1d653204f411e283fe22000a1d0cf6_7.jpg
[2012.09.24 19:56:11 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.24 15:16:56 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012.09.23 20:27:23 | 000,015,999 | ---- | M] () -- C:\Users\XXX\Desktop\tumblr_m8upagNeyp1qz6pkro1_1280.jpg
[2012.09.23 19:22:01 | 000,019,675 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_1747.JPG
[2012.09.23 18:42:44 | 000,078,837 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_1745.JPG
[2012.09.23 17:47:15 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.23 14:03:16 | 000,002,184 | ---- | M] () -- C:\Users\XX\Desktop\iDevice Manager.lnk
[2012.09.19 21:38:50 | 008,991,527 | ---- | M] () -- C:\Users\XXX\Desktop\afc2c9ea3b9a8c66.mp3
[2012.09.16 11:40:17 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 15:58:01 | 000,453,464 | ---- | C] () -- C:\Users\XXX\Desktop\Bluescreenviewer.jpg
[2012.10.04 23:07:31 | 003,156,294 | ---- | C] () -- C:\Users\\Desktop\Mac Miller Missed calls.mp3
[2012.10.04 22:51:16 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.10.04 22:51:15 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.10.04 22:22:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012.10.04 17:39:57 | 002,113,208 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_1856.JPG
[2012.10.02 11:49:44 | 000,069,241 | ---- | C] () -- C:\Users\XXX\Desktop\Noten.pdf
[2012.09.30 23:41:37 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 02:36:30 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.27 01:22:27 | 001,302,541 | ---- | C] () -- C:\Users\XXX\Desktop\FB1_ab2011.pdf
[2012.09.27 01:22:21 | 001,257,459 | ---- | C] () -- C:\Users\XX\Desktop\FB3_ab2011.pdf
[2012.09.27 01:22:06 | 001,025,602 | ---- | C] () -- C:\Users\XXX\Desktop\Anl1_zu_FB1_ab2011.pdf
[2012.09.25 20:07:09 | 000,001,915 | ---- | C] () -- C:\Users\XXX\Desktop\Borderlands2 - Verknüpfung.lnk
[2012.09.25 19:58:07 | 000,096,712 | ---- | C] () -- C:\Users\XXX\Desktop\0f1d653204f411e283fe22000a1d0cf6_7.jpg
[2012.09.24 19:56:11 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.24 15:16:56 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012.09.23 20:27:21 | 000,015,999 | ---- | C] () -- C:\Users\XXX\Desktop\tumblr_m8upagNeyp1qz6pkro1_1280.jpg
[2012.09.23 19:22:02 | 000,019,675 | ---- | C] () -- C:\Users\XX\Desktop\IMG_1747.JPG
[2012.09.23 18:42:45 | 000,078,837 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_1745.JPG
[2012.09.23 17:47:15 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.19 21:38:35 | 008,991,527 | ---- | C] () -- C:\Users\XXX\Desktop\afc2c9ea3b9a8c66.mp3
[2012.09.16 11:40:17 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.17 23:56:53 | 000,139,848 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.17 23:56:40 | 000,138,904 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\PnkBstrK.sys
[2012.07.17 16:54:37 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2012.07.17 16:52:31 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.07.17 16:52:31 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 10:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.05.07 22:55:43 | 000,000,018 | -HS- | C] () -- C:\Windows\System32\Userdata.ini
[2012.05.06 16:01:44 | 000,282,696 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.05.06 16:01:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.03.30 11:37:51 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.18 20:29:21 | 000,000,154 | ---- | C] () -- C:\Users\XXX\.appletviewer
[2012.03.08 20:59:34 | 013,561,800 | ---- | C] () -- C:\Users\XXX\duman.3GP
[2012.03.07 15:49:04 | 000,000,901 | ---- | C] () -- C:\Users\\Vodafone Umts kündigung.rtf
[2012.03.07 01:55:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.06 21:56:56 | 000,000,469 | ---- | C] () -- C:\Users\XXX\Desktop.lnk
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.29 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Synaptics
[2012.09.02 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\DiskAid
[2012.04.19 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Dropbox
[2012.03.09 00:10:20 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\e-academy Inc
[2012.07.22 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\iFunbox_UserCache
[2012.09.30 02:28:22 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\KW
[2012.03.07 20:31:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\LolClient
[2012.05.06 16:01:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PunkBuster
[2012.05.24 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\redsn0w
[2012.05.27 19:26:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Software4u
[2012.03.07 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Synaptics
[2012.05.12 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\TeamViewer
[2012.07.17 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Ubisoft
[2012.09.25 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.15 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Adobe
[2012.03.08 20:24:17 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Apple Computer
[2012.03.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\CyberLink
[2012.09.02 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DiskAid
[2012.04.19 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Dropbox
[2012.05.02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\dvdcss
[2012.03.09 00:10:20 | 000,000,000 | ---D | M] -- C:\Users\n\AppData\Roaming\e-academy Inc
[2012.03.06 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Identities
[2012.07.22 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\iFunbox_UserCache
[2012.09.30 02:28:22 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\KW
[2012.03.07 20:31:41 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\LolClient
[2012.03.07 04:26:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Macromedia
[2012.09.30 02:45:22 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Media Center Programs
[2012.05.05 22:32:49 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft
[2012.03.07 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Mozilla
[2012.07.01 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\NVIDIA
[2012.05.06 16:01:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PunkBuster
[2012.05.24 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\redsn0w
[2012.05.27 19:26:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Software4u
[2012.03.07 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Synaptics
[2012.05.12 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\TeamViewer
[2012.07.17 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Ubisoft
[2012.09.25 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\uTorrent
[2012.03.07 04:15:43 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.09.08 17:26:38 | 000,562,718 | R--- | M] () -- C:\Users\\AppData\Roaming\Microsoft\Installer\{ABBC8011-1E42-4ADA-9794-574349612CEF}\_6FEFF9B68218417F98F549.exe
[2012.09.08 17:26:38 | 000,562,718 | R--- | M] () -- C:\Users\\AppData\Roaming\Microsoft\Installer\{ABBC8011-1E42-4ADA-9794-574349612CEF}\_759EB94BBF95C131A58B46.exe
[2011.11.23 18:38:29 | 003,123,272 | R--- | M] () -- C:\Users\\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adp94xx.sys
[2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpahci.sys
[2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpu320.sys
[2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\aliide.sys
[2011.03.11 07:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) Unable to obtain MD5 -- C:\Windows\system32\drivers\amdsata.sys
[2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\amdsbs.sys
[2011.03.11 07:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) Unable to obtain MD5 -- C:\Windows\system32\drivers\amdxata.sys
[2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arc.sys
[2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arcsas.sys
[2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\b57nd60x.sys
[2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltLo.sys
[2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltUp.sys
[2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerId.sys
[2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerWdm.sys
[2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbSer.sys
[2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\bxvbdx.sys
[2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\cmdide.sys
[2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\dc3d.sys
[2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\djsvs.sys
[2009.03.26 12:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\DKbFltr.sys
[2012.05.05 23:58:42 | 000,242,240 | ---- | M] (DT Soft Ltd) Unable to obtain MD5 -- C:\Windows\system32\drivers\dtsoftbus01.sys
[2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) Unable to obtain MD5 -- C:\Windows\system32\drivers\elxstor.sys
[2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\evbdx.sys
[2012.08.21 13:01:22 | 000,026,840 | ---- | M] (GEAR Software Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\GEARAspiWDM.sys
[2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\hcw85cir.sys
[2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) Unable to obtain MD5 -- C:\Windows\system32\drivers\HpSAMD.sys
[2009.02.13 12:58:16 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\HSXHWAZL.sys
[2009.02.13 12:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\HSX_CNXT.sys
[2009.02.13 13:00:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\HSX_DPV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) Unable to obtain MD5 -- C:\Windows\system32\drivers\iirsp.sys
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.07.17 16:50:39 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
[2010.03.29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\L1E62x86.sys
[2009.07.07 19:53:02 | 000,028,160 | ---- | M] (hxxp://libusb-win32.sourceforge.net) Unable to obtain MD5 -- C:\Windows\system32\drivers\libusb0.sys
[2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\lsi_fc.sys
[2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\lsi_sas.sys
[2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\lsi_sas2.sys
[2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\lsi_scsi.sys
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\mbam.sys
[2006.06.18 21:26:58 | 000,012,672 | ---- | M] (Conexant) Unable to obtain MD5 -- C:\Windows\system32\drivers\mdmxsdk.sys
[2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\megasas.sys
[2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\MegaSR.sys
[2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\netaapl.sys
[2010.05.31 21:04:29 | 006,766,080 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\NETw5s32.sys
[2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\netw5v32.sys
[2011.11.01 01:56:36 | 007,522,304 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\NETwNs32.sys
[2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nfrd960.sys
[2009.08.31 13:41:50 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nuvotoncir.sys
[2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nvhda32v.sys
[2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nvlddmkm.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nvraid.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\nvstor.sys
[2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) Unable to obtain MD5 -- C:\Windows\system32\drivers\psi_mf.sys
[2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\ql2300.sys
[2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\ql40xx.sys
[2011.07.20 15:13:16 | 000,035,328 | ---- | M] (Research in Motion Ltd) Unable to obtain MD5 -- C:\Windows\system32\drivers\RimSerial.sys
[2011.07.25 17:53:48 | 000,064,512 | ---- | M] (Research In Motion Limited) Unable to obtain MD5 -- C:\Windows\system32\drivers\RimUsb.sys
[2012.03.07 04:03:33 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) Unable to obtain MD5 -- C:\Windows\system32\drivers\RtsUStor.sys
[2009.07.13 22:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) Unable to obtain MD5 -- C:\Windows\system32\drivers\secdrv.sys
[2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) Unable to obtain MD5 -- C:\Windows\system32\drivers\sisraid2.sys
[2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) Unable to obtain MD5 -- C:\Windows\system32\drivers\sisraid4.sys
[2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) Unable to obtain MD5 -- C:\Windows\system32\drivers\stexstor.sys
[2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\storvsc.sys
[2011.03.31 19:32:04 | 001,335,472 | ---- | M] (Synaptics Incorporated) Unable to obtain MD5 -- C:\Windows\system32\drivers\SynTP.sys
[2010.08.20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) Unable to obtain MD5 -- C:\Windows\system32\drivers\tap0901.sys
[2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\TsUsbFlt.sys
[2012.07.09 13:42:56 | 000,044,032 | ---- | M] (Apple, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\usbaapl.sys
[2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\viaide.sys
[2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\vmbus.sys
[2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\VMBusHID.sys
[2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\vms3cap.sys
[2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\vmstorfl.sys
[2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsmraid.sys
[2009.07.14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\VSTAZL3.SYS
[2009.07.14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\VSTCNXT3.SYS
[2009.07.14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\VSTDPV3.SYS
[2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\vwifimp.sys
[2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\winbondcir.sys
[2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\winusb.sys
[2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\XAudio32.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< End of report >
         
05.10.2012, 18:08   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Something is wrong with the log. Please create it again.

05.10.2012, 18:53   #19
wbx32


Code:
ATTFilter
OTL logfile created on: 05.10.2012 19:20:13 - Run 2
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Ozan\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,45% Memory free
5,99 Gb Paging File | 4,84 Gb Available in Paging File | 80,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 218,87 Gb Free Space | 73,43% Space Free | Partition Type: NTFS
 
Computer Name: OZAN-PC | User Name: Ozan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.05 16:21:06 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ozan\Downloads\OTL.exe
PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.09.24 14:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.08.24 16:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.04 22:03:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.17 16:50:39 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.05.05 23:58:42 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.03.07 04:03:33 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.11.01 01:56:36 | 007,522,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.05.31 21:04:29 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.03.29 12:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.08.31 13:41:50 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.07 19:53:02 | 000,028,160 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1B 6B A4 B9 6C CD 01  [binary data]
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ozan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.30 11:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.05 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.23 17:47:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 22:55:03 | 000,000,000 | ---D | M]
 
[2012.03.07 01:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ozan\AppData\Roaming\mozilla\Extensions
[2012.09.23 14:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ozan\AppData\Roaming\mozilla\Firefox\Profiles\2y409ch6.default\extensions
[2012.09.15 02:15:05 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ozan\AppData\Roaming\mozilla\Firefox\Profiles\2y409ch6.default\extensions\ich@maltegoetz.de
[2012.09.23 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.30 11:27:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.26 00:53:27 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Driver Genius]  File not found
O4 - HKLM..\Run: [LicenseProxy] C:\Program Files\LicenseProxy\LicenseProxy.exe (MAFIA)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [Facebook Update] C:\Users\Ozan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4237396834-4016416428-3805799152-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ozan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MotDViewer.lnk = C:\Windows\System32\javaw.exe (Oracle Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.09.30 02:36:39 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C0C8D5-43E6-4EDF-993E-ED519239BE7B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE729427-0B76-434D-B75A-5F73642A811A}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell - "" = AutoRun
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell\AutoRun\command - "" = E:\CDLaunch\shelexec.exe \SP1INST.HTM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Ozan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Ozan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PowerDVD12Agent - hkey= - key= -  File not found
MsConfig - StartUpReg: PowerDVD12DMREngine - hkey= - key= -  File not found
MsConfig - StartUpReg: RIMBBLaunchAgent.exe - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Ozan\AppData\Local\Secunia PSI
[2012.10.04 22:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.10.03 12:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.30 23:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.30 23:41:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.30 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.30 02:45:22 | 000,000,000 | ---D | C] -- C:\Users\Ozan\AppData\Roaming\Malwarebytes
[2012.09.30 02:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.29 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\Ozan\AppData\Roaming\KW
[2012.09.24 19:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.09.24 19:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.09.24 17:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ozan\Documents\My Games
[2012.09.24 15:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.09.24 15:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2012.09.22 00:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.22 00:14:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.16 11:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.16 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.16 11:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.16 11:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\Ozan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWebcamera
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWebcamera
[2012.09.08 17:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\drahtwerk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 19:23:18 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 19:23:18 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 19:20:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237396834-4016416428-3805799152-1001UA.job
[2012.10.05 19:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237396834-4016416428-3805799152-1001Core.job
[2012.10.05 19:19:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.05 19:16:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.05 19:15:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 19:15:42 | 2411,880,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.05 15:58:01 | 000,453,464 | ---- | M] () -- C:\Users\Ozan\Desktop\Bluescreenviewer.jpg
[2012.10.04 23:07:38 | 003,156,294 | ---- | M] () -- C:\Users\Ozan\Desktop\Mac Miller Missed calls.mp3
[2012.10.04 22:51:16 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.10.04 22:22:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012.10.04 17:50:40 | 300,777,515 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.04 17:39:56 | 002,113,208 | ---- | M] () -- C:\Users\Ozan\Desktop\IMG_1856.JPG
[2012.10.03 10:41:33 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.03 10:41:33 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.03 10:41:33 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.03 10:41:33 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.30 23:41:37 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 02:36:30 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.27 02:33:39 | 001,302,541 | ---- | M] () -- C:\Users\Ozan\Desktop\FB1_ab2011.pdf
[2012.09.27 01:53:09 | 001,257,459 | ---- | M] () -- C:\Users\Ozan\Desktop\FB3_ab2011.pdf
[2012.09.27 01:39:12 | 001,025,602 | ---- | M] () -- C:\Users\Ozan\Desktop\Anl1_zu_FB1_ab2011.pdf
[2012.09.25 20:07:09 | 000,001,915 | ---- | M] () -- C:\Users\Ozan\Desktop\Borderlands2 - Verknüpfung.lnk
[2012.09.25 19:58:09 | 000,096,712 | ---- | M] () -- C:\Users\Ozan\Desktop\0f1d653204f411e283fe22000a1d0cf6_7.jpg
[2012.09.24 19:56:11 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.24 15:16:56 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012.09.23 20:27:23 | 000,015,999 | ---- | M] () -- C:\Users\Ozan\Desktop\tumblr_m8upagNeyp1qz6pkro1_1280.jpg
[2012.09.23 19:22:01 | 000,019,675 | ---- | M] () -- C:\Users\Ozan\Desktop\IMG_1747.JPG
[2012.09.23 18:42:44 | 000,078,837 | ---- | M] () -- C:\Users\Ozan\Desktop\IMG_1745.JPG
[2012.09.23 17:47:15 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.23 14:03:16 | 000,002,184 | ---- | M] () -- C:\Users\Ozan\Desktop\iDevice Manager.lnk
[2012.09.19 21:38:50 | 008,991,527 | ---- | M] () -- C:\Users\Ozan\Desktop\afc2c9ea3b9a8c66.mp3
[2012.09.16 11:40:17 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 15:58:01 | 000,453,464 | ---- | C] () -- C:\Users\Ozan\Desktop\Bluescreenviewer.jpg
[2012.10.04 23:07:31 | 003,156,294 | ---- | C] () -- C:\Users\Ozan\Desktop\Mac Miller Missed calls.mp3
[2012.10.04 22:51:16 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.10.04 22:51:15 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.10.04 22:22:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012.10.04 17:39:57 | 002,113,208 | ---- | C] () -- C:\Users\Ozan\Desktop\IMG_1856.JPG
[2012.10.02 11:49:44 | 000,069,241 | ---- | C] () -- C:\Users\Ozan\Desktop\Noten.pdf
[2012.09.30 23:41:37 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 02:36:30 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.27 01:22:27 | 001,302,541 | ---- | C] () -- C:\Users\Ozan\Desktop\FB1_ab2011.pdf
[2012.09.27 01:22:21 | 001,257,459 | ---- | C] () -- C:\Users\Ozan\Desktop\FB3_ab2011.pdf
[2012.09.27 01:22:06 | 001,025,602 | ---- | C] () -- C:\Users\Ozan\Desktop\Anl1_zu_FB1_ab2011.pdf
[2012.09.25 20:07:09 | 000,001,915 | ---- | C] () -- C:\Users\Ozan\Desktop\Borderlands2 - Verknüpfung.lnk
[2012.09.25 19:58:07 | 000,096,712 | ---- | C] () -- C:\Users\Ozan\Desktop\0f1d653204f411e283fe22000a1d0cf6_7.jpg
[2012.09.24 19:56:11 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.24 15:16:56 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012.09.23 20:27:21 | 000,015,999 | ---- | C] () -- C:\Users\Ozan\Desktop\tumblr_m8upagNeyp1qz6pkro1_1280.jpg
[2012.09.23 19:22:02 | 000,019,675 | ---- | C] () -- C:\Users\Ozan\Desktop\IMG_1747.JPG
[2012.09.23 18:42:45 | 000,078,837 | ---- | C] () -- C:\Users\Ozan\Desktop\IMG_1745.JPG
[2012.09.23 17:47:15 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.19 21:38:35 | 008,991,527 | ---- | C] () -- C:\Users\Ozan\Desktop\afc2c9ea3b9a8c66.mp3
[2012.09.16 11:40:17 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.17 23:56:53 | 000,139,848 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.17 23:56:40 | 000,138,904 | ---- | C] () -- C:\Users\Ozan\AppData\Roaming\PnkBstrK.sys
[2012.07.17 16:54:37 | 000,017,408 | ---- | C] () -- C:\Users\Ozan\AppData\Local\WebpageIcons.db
[2012.07.17 16:52:31 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.07.17 16:52:31 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 10:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.05.07 22:55:43 | 000,000,018 | -HS- | C] () -- C:\Windows\System32\Userdata.ini
[2012.05.06 16:01:44 | 000,282,696 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.05.06 16:01:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.03.30 11:37:51 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.18 20:29:21 | 000,000,154 | ---- | C] () -- C:\Users\Ozan\.appletviewer
[2012.03.08 20:59:34 | 013,561,800 | ---- | C] () -- C:\Users\Ozan\duman.3GP
[2012.03.07 15:49:04 | 000,000,901 | ---- | C] () -- C:\Users\Ozan\Vodafone Umts kündigung.rtf
[2012.03.07 01:55:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.06 21:56:56 | 000,000,469 | ---- | C] () -- C:\Users\Ozan\Desktop.lnk
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.29 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Synaptics
[2012.09.02 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\DiskAid
[2012.04.19 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Dropbox
[2012.03.09 00:10:20 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\e-academy Inc
[2012.07.22 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\iFunbox_UserCache
[2012.09.30 02:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\KW
[2012.03.07 20:31:41 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\LolClient
[2012.05.06 16:01:41 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\PunkBuster
[2012.05.24 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\redsn0w
[2012.05.27 19:26:10 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Software4u
[2012.03.07 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Synaptics
[2012.05.12 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\TeamViewer
[2012.07.17 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Ubisoft
[2012.09.25 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.15 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Adobe
[2012.03.08 20:24:17 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Apple Computer
[2012.03.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\CyberLink
[2012.09.02 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\DiskAid
[2012.04.19 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Dropbox
[2012.05.02 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\dvdcss
[2012.03.09 00:10:20 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\e-academy Inc
[2012.03.06 21:56:46 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Identities
[2012.07.22 20:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\iFunbox_UserCache
[2012.09.30 02:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\KW
[2012.03.07 20:31:41 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\LolClient
[2012.03.07 04:26:36 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Macromedia
[2012.09.30 02:45:22 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Media Center Programs
[2012.05.05 22:32:49 | 000,000,000 | --SD | M] -- C:\Users\Ozan\AppData\Roaming\Microsoft
[2012.03.07 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Mozilla
[2012.07.01 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\NVIDIA
[2012.05.06 16:01:41 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\PunkBuster
[2012.05.24 22:52:14 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\redsn0w
[2012.05.27 19:26:10 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Software4u
[2012.03.07 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Synaptics
[2012.05.12 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\TeamViewer
[2012.07.17 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\Ubisoft
[2012.09.25 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\uTorrent
[2012.03.07 04:15:43 | 000,000,000 | ---D | M] -- C:\Users\Ozan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ozan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ozan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.09.08 17:26:38 | 000,562,718 | R--- | M] () -- C:\Users\Ozan\AppData\Roaming\Microsoft\Installer\{ABBC8011-1E42-4ADA-9794-574349612CEF}\_6FEFF9B68218417F98F549.exe
[2012.09.08 17:26:38 | 000,562,718 | R--- | M] () -- C:\Users\Ozan\AppData\Roaming\Microsoft\Installer\{ABBC8011-1E42-4ADA-9794-574349612CEF}\_759EB94BBF95C131A58B46.exe
[2011.11.23 18:38:29 | 003,123,272 | R--- | M] () -- C:\Users\Ozan\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.07.17 16:50:39 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< End of report >
         

06.10.2012, 18:40   #20
cosinus

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell - "" = AutoRun
O33 - MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\Shell\AutoRun\command - "" = E:\CDLaunch\shelexec.exe \SP1INST.HTM
:Files
C:\install.exe
C:\Users\xxx\Downloads\sbf-loader_2009_final
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________
Please always post log files in CODE tags

06.10.2012, 18:55   #21
wbx32

Incredibar on the tab is still present.

Here is the log from the fix:
Code:
All processes killed
========== OTL ==========
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{470ba8bc-6915-11e1-b8b0-00238b5ed3d9}\ not found.
File E:\CDLaunch\shelexec.exe \SP1INST.HTM not found.
========== FILES ==========
C:\install.exe moved successfully.
C:\Users\Ozan\Downloads\sbf-loader_2009_final folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
Folder move failed. C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 scheduled to be moved on reboot.
Folder move failed. C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Ozan\Downloads\cmd.bat deleted successfully.
C:\Users\Ozan\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 12370492 bytes
->Temporary Internet Files folder emptied: 2439937 bytes
->FireFox cache emptied: 75584354 bytes
->Flash cache emptied: 1444 bytes
 
User: Ozan
->Temp folder emptied: 4553234285 bytes
->Temporary Internet Files folder emptied: 12532821 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 262822568 bytes
->Flash cache emptied: 9150 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2732692 bytes
RecycleBin emptied: 23577390 bytes
 
Total Files Cleaned = 4.716,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 10062012_194853

Files\Folders moved on Reboot...
File\Folder C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 not found!
C:\Users\Ozan\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

07.10.2012, 06:45   #22
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

07.10.2012, 10:59   #23
wbx32

Here is the log from TDSSKiller:
Code:
11:55:29.0047 3192  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:55:29.0206 3192  ============================================================
11:55:29.0206 3192  Current date / time: 2012/10/07 11:55:29.0206
11:55:29.0206 3192  SystemInfo:
11:55:29.0207 3192  
11:55:29.0207 3192  OS Version: 6.1.7601 ServicePack: 1.0
11:55:29.0207 3192  Product type: Workstation
11:55:29.0207 3192  ComputerName: OZAN-PC
11:55:29.0210 3192  UserName: Ozan
11:55:29.0210 3192  Windows directory: C:\Windows
11:55:29.0210 3192  System windows directory: C:\Windows
11:55:29.0210 3192  Processor architecture: Intel x86
11:55:29.0210 3192  Number of processors: 2
11:55:29.0210 3192  Page size: 0x1000
11:55:29.0210 3192  Boot type: Normal boot
11:55:29.0210 3192  ============================================================
11:55:31.0097 3192  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:55:31.0102 3192  ============================================================
11:55:31.0102 3192  \Device\Harddisk0\DR0:
11:55:31.0102 3192  MBR partitions:
11:55:31.0102 3192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
11:55:31.0102 3192  ============================================================
11:55:31.0133 3192  C: <-> \Device\Harddisk0\DR0\Partition1
11:55:31.0133 3192  ============================================================
11:55:31.0134 3192  Initialize success
11:55:31.0134 3192  ============================================================
11:56:48.0067 2052  ============================================================
11:56:48.0067 2052  Scan started
11:56:48.0067 2052  Mode: Manual; SigCheck; TDLFS; 
11:56:48.0067 2052  ============================================================
11:56:49.0417 2052  ================ Scan system memory ========================
11:56:49.0417 2052  System memory - ok
11:56:49.0418 2052  ================ Scan services =============================
11:56:52.0863 2052  BFE - ok
11:56:52.0889 2052  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
11:56:52.0977 2052  BITS - ok
11:56:52.0992 2052  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:56:53.0033 2052  blbdrive - ok
11:56:53.0090 2052  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:56:53.0116 2052  Bonjour Service - ok
11:56:53.0158 2052  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:56:53.0201 2052  bowser - ok
11:56:53.0234 2052  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:56:53.0280 2052  BrFiltLo - ok
11:56:53.0295 2052  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:56:53.0349 2052  BrFiltUp - ok
11:56:53.0382 2052  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
11:56:53.0425 2052  Browser - ok
11:56:53.0476 2052  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:56:53.0588 2052  Brserid - ok
11:56:53.0611 2052  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:56:53.0659 2052  BrSerWdm - ok
11:56:53.0679 2052  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:56:53.0724 2052  BrUsbMdm - ok
11:56:53.0745 2052  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:56:53.0800 2052  BrUsbSer - ok
11:56:53.0817 2052  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:56:53.0849 2052  BTHMODEM - ok
11:56:53.0893 2052  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
11:56:53.0946 2052  bthserv - ok
11:56:53.0969 2052  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:56:54.0029 2052  cdfs - ok
11:56:54.0070 2052  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:56:54.0108 2052  cdrom - ok
11:56:54.0152 2052  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:56:54.0211 2052  CertPropSvc - ok
11:56:54.0267 2052  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:56:54.0297 2052  circlass - ok
11:56:54.0329 2052  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
11:56:54.0362 2052  CLFS - ok
11:56:54.0408 2052  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:56:54.0435 2052  clr_optimization_v2.0.50727_32 - ok
11:56:54.0490 2052  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:56:54.0515 2052  clr_optimization_v4.0.30319_32 - ok
11:56:54.0531 2052  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:56:54.0558 2052  CmBatt - ok
11:56:54.0577 2052  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:56:54.0603 2052  cmdide - ok
11:56:54.0633 2052  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
11:56:54.0680 2052  CNG - ok
11:56:54.0704 2052  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:56:54.0731 2052  Compbatt - ok
11:56:54.0763 2052  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:56:54.0794 2052  CompositeBus - ok
11:56:54.0804 2052  COMSysApp - ok
11:56:54.0824 2052  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:56:54.0850 2052  crcdisk - ok
11:56:54.0892 2052  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:56:54.0940 2052  CryptSvc - ok
11:56:54.0973 2052  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
11:56:55.0014 2052  CSC - ok
11:56:55.0051 2052  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
11:56:55.0112 2052  CscService - ok
11:56:55.0166 2052  [ 7CAAF4AF453EF3582FEF65DD72CAA0AA ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
11:56:55.0202 2052  dc3d - ok
11:56:55.0235 2052  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:56:55.0304 2052  DcomLaunch - ok
11:56:55.0336 2052  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:56:55.0403 2052  defragsvc - ok
11:56:55.0480 2052  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:56:55.0533 2052  DfsC - ok
11:56:55.0587 2052  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:56:55.0642 2052  Dhcp - ok
11:56:55.0679 2052  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
11:56:55.0747 2052  discache - ok
11:56:55.0779 2052  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:56:55.0804 2052  Disk - ok
11:56:55.0842 2052  [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
11:56:55.0863 2052  DKbFltr - ok
11:56:55.0892 2052  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:56:55.0942 2052  Dnscache - ok
11:56:55.0980 2052  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:56:56.0046 2052  dot3svc - ok
11:56:56.0079 2052  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
11:56:56.0150 2052  DPS - ok
11:56:56.0189 2052  DritekPortIO - ok
11:56:56.0229 2052  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:56:56.0274 2052  drmkaud - ok
11:56:56.0299 2052  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:56:56.0325 2052  dtsoftbus01 - ok
11:56:56.0369 2052  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:56:56.0413 2052  DXGKrnl - ok
11:56:56.0439 2052  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
11:56:56.0508 2052  EapHost - ok
11:56:56.0621 2052  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:56:56.0777 2052  ebdrv - ok
11:56:56.0806 2052  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
11:56:56.0849 2052  EFS - ok
11:56:56.0908 2052  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:56:56.0971 2052  ehRecvr - ok
11:56:56.0990 2052  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
11:56:57.0036 2052  ehSched - ok
11:56:57.0080 2052  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:56:57.0119 2052  elxstor - ok
11:56:57.0140 2052  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:56:57.0172 2052  ErrDev - ok
11:56:57.0227 2052  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
11:56:57.0299 2052  EventSystem - ok
11:56:57.0320 2052  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
11:56:57.0387 2052  exfat - ok
11:56:57.0456 2052  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:56:57.0521 2052  fastfat - ok
11:56:57.0572 2052  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
11:56:57.0632 2052  Fax - ok
11:56:57.0659 2052  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:56:57.0698 2052  fdc - ok
11:56:57.0728 2052  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
11:56:57.0795 2052  fdPHost - ok
11:56:57.0811 2052  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
11:56:57.0875 2052  FDResPub - ok
11:56:57.0890 2052  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:56:57.0919 2052  FileInfo - ok
11:56:57.0934 2052  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:56:57.0996 2052  Filetrace - ok
11:56:58.0014 2052  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:56:58.0055 2052  flpydisk - ok
11:56:58.0089 2052  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:56:58.0120 2052  FltMgr - ok
11:56:58.0157 2052  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
11:56:58.0247 2052  FontCache - ok
11:56:58.0303 2052  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:56:58.0323 2052  FontCache3.0.0.0 - ok
11:56:58.0336 2052  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:56:58.0362 2052  FsDepends - ok
11:56:58.0388 2052  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:56:58.0413 2052  Fs_Rec - ok
11:56:58.0453 2052  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:56:58.0489 2052  fvevol - ok
11:56:58.0532 2052  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:56:58.0559 2052  gagp30kx - ok
11:56:58.0622 2052  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:56:58.0640 2052  GEARAspiWDM - ok
11:56:58.0677 2052  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:56:58.0811 2052  gpsvc - ok
11:56:58.0891 2052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:58.0912 2052  gupdate - ok
11:56:58.0924 2052  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:58.0944 2052  gupdatem - ok
11:56:58.0970 2052  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:56:59.0024 2052  hcw85cir - ok
11:56:59.0064 2052  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:56:59.0107 2052  HdAudAddService - ok
11:56:59.0142 2052  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:56:59.0188 2052  HDAudBus - ok
11:56:59.0218 2052  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:56:59.0259 2052  HidBatt - ok
11:56:59.0275 2052  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:56:59.0313 2052  HidBth - ok
11:56:59.0331 2052  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:56:59.0383 2052  HidIr - ok
11:56:59.0477 2052  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
11:56:59.0547 2052  hidserv - ok
11:56:59.0588 2052  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:56:59.0617 2052  HidUsb - ok
11:56:59.0654 2052  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:56:59.0711 2052  hkmsvc - ok
11:56:59.0732 2052  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:56:59.0778 2052  HomeGroupListener - ok
11:56:59.0816 2052  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:56:59.0868 2052  HomeGroupProvider - ok
11:56:59.0907 2052  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:56:59.0935 2052  HpSAMD - ok
11:56:59.0985 2052  [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
11:57:00.0024 2052  HsfXAudioService - ok
11:57:00.0057 2052  [ 227C3BA25012752BB7450235392C719F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:57:00.0138 2052  HSF_DPV - ok
11:57:00.0164 2052  [ 4DF5C76302DC2F8F3465966C8426A292 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:57:00.0202 2052  HSXHWAZL - ok
11:57:00.0249 2052  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:57:00.0309 2052  HTTP - ok
11:57:00.0329 2052  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:57:00.0354 2052  hwpolicy - ok
11:57:00.0378 2052  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:57:00.0419 2052  i8042prt - ok
11:57:00.0461 2052  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:57:00.0497 2052  iaStorV - ok
11:57:00.0570 2052  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:57:00.0636 2052  idsvc - ok
11:57:00.0673 2052  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:57:00.0700 2052  iirsp - ok
11:57:00.0741 2052  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:57:00.0831 2052  IKEEXT - ok
11:57:00.0863 2052  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:57:00.0889 2052  intelide - ok
11:57:00.0919 2052  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:57:00.0956 2052  intelppm - ok
11:57:00.0981 2052  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:57:01.0055 2052  IPBusEnum - ok
11:57:01.0069 2052  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:57:01.0128 2052  IpFilterDriver - ok
11:57:01.0169 2052  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:57:01.0243 2052  iphlpsvc - ok
11:57:01.0270 2052  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:57:01.0299 2052  IPMIDRV - ok
11:57:01.0322 2052  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:57:01.0386 2052  IPNAT - ok
11:57:01.0497 2052  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:57:01.0536 2052  iPod Service - ok
11:57:01.0575 2052  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:57:01.0606 2052  IRENUM - ok
11:57:01.0627 2052  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:57:01.0654 2052  isapnp - ok
11:57:01.0694 2052  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:57:01.0729 2052  iScsiPrt - ok
11:57:01.0750 2052  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:57:01.0778 2052  kbdclass - ok
11:57:01.0793 2052  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:57:01.0831 2052  kbdhid - ok
11:57:01.0847 2052  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
11:57:01.0875 2052  KeyIso - ok
11:57:01.0923 2052  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
11:57:01.0947 2052  KL1 - ok
11:57:01.0975 2052  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
11:57:01.0992 2052  kl2 - ok
11:57:02.0056 2052  [ AF04D0CE7939324E9A605B159295706C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
11:57:02.0091 2052  KLIF - ok
11:57:02.0104 2052  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
11:57:02.0123 2052  KLIM6 - ok
11:57:02.0166 2052  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
11:57:02.0187 2052  klmouflt - ok
11:57:02.0211 2052  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:57:02.0238 2052  KSecDD - ok
11:57:02.0265 2052  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:57:02.0296 2052  KSecPkg - ok
11:57:02.0324 2052  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:57:02.0393 2052  KtmRm - ok
11:57:02.0433 2052  [ 14F63A275C1BFF4D35E02DE1127E8A85 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
11:57:02.0453 2052  L1E - ok
11:57:02.0498 2052  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:57:02.0572 2052  LanmanServer - ok
11:57:02.0601 2052  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:57:02.0663 2052  LanmanWorkstation - ok
11:57:02.0719 2052  [ 03E12DBFACF1AEB86C553B0DB488FB81 ] libusb0         C:\Windows\system32\drivers\libusb0.sys
11:57:02.0737 2052  libusb0 ( UnsignedFile.Multi.Generic ) - warning
11:57:02.0737 2052  libusb0 - detected UnsignedFile.Multi.Generic (1)
11:57:02.0767 2052  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:57:02.0837 2052  lltdio - ok
11:57:02.0880 2052  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:57:02.0938 2052  lltdsvc - ok
11:57:02.0954 2052  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:57:03.0018 2052  lmhosts - ok
11:57:03.0046 2052  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:57:03.0075 2052  LSI_FC - ok
11:57:03.0085 2052  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:57:03.0113 2052  LSI_SAS - ok
11:57:03.0134 2052  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:57:03.0165 2052  LSI_SAS2 - ok
11:57:03.0186 2052  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:57:03.0214 2052  LSI_SCSI - ok
11:57:03.0234 2052  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
11:57:03.0295 2052  luafv - ok
11:57:03.0328 2052  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:57:03.0360 2052  Mcx2Svc - ok
11:57:03.0396 2052  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:57:03.0419 2052  mdmxsdk - ok
11:57:03.0474 2052  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:57:03.0501 2052  megasas - ok
11:57:03.0525 2052  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:57:03.0561 2052  MegaSR - ok
11:57:03.0614 2052  Microsoft SharePoint Workspace Audit Service - ok
11:57:03.0651 2052  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
11:57:03.0715 2052  MMCSS - ok
11:57:03.0728 2052  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
11:57:03.0792 2052  Modem - ok
11:57:03.0839 2052  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:57:03.0880 2052  monitor - ok
11:57:03.0910 2052  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:57:03.0935 2052  mouclass - ok
11:57:03.0946 2052  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:57:03.0987 2052  mouhid - ok
11:57:04.0011 2052  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:57:04.0038 2052  mountmgr - ok
11:57:04.0104 2052  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:57:04.0129 2052  MozillaMaintenance - ok
11:57:04.0153 2052  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:57:04.0183 2052  mpio - ok
11:57:04.0215 2052  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:57:04.0275 2052  mpsdrv - ok
11:57:04.0314 2052  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:57:04.0395 2052  MpsSvc - ok
11:57:04.0426 2052  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:57:04.0467 2052  MRxDAV - ok
11:57:04.0499 2052  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:57:04.0544 2052  mrxsmb - ok
11:57:04.0570 2052  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:57:04.0620 2052  mrxsmb10 - ok
11:57:04.0642 2052  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:57:04.0684 2052  mrxsmb20 - ok
11:57:04.0717 2052  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
11:57:04.0744 2052  msahci - ok
11:57:04.0772 2052  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:57:04.0801 2052  msdsm - ok
11:57:04.0826 2052  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
11:57:04.0870 2052  MSDTC - ok
11:57:04.0904 2052  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:57:04.0958 2052  Msfs - ok
11:57:04.0972 2052  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:57:05.0037 2052  mshidkmdf - ok
11:57:05.0069 2052  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:57:05.0095 2052  msisadrv - ok
11:57:05.0125 2052  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:57:05.0193 2052  MSiSCSI - ok
11:57:05.0201 2052  msiserver - ok
11:57:05.0252 2052  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:57:05.0316 2052  MSKSSRV - ok
11:57:05.0347 2052  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:57:05.0412 2052  MSPCLOCK - ok
11:57:05.0467 2052  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:57:05.0519 2052  MSPQM - ok
11:57:05.0542 2052  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:57:05.0572 2052  MsRPC - ok
11:57:05.0603 2052  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:57:05.0629 2052  mssmbios - ok
11:57:05.0650 2052  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:57:05.0705 2052  MSTEE - ok
11:57:05.0718 2052  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:57:05.0760 2052  MTConfig - ok
11:57:05.0774 2052  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:57:05.0800 2052  Mup - ok
11:57:05.0837 2052  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
11:57:05.0918 2052  napagent - ok
11:57:05.0964 2052  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:57:06.0002 2052  NativeWifiP - ok
11:57:06.0053 2052  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:57:06.0111 2052  NDIS - ok
11:57:06.0128 2052  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:57:06.0181 2052  NdisCap - ok
11:57:06.0201 2052  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:57:06.0257 2052  NdisTapi - ok
11:57:06.0290 2052  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:57:06.0351 2052  Ndisuio - ok
11:57:06.0387 2052  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:57:06.0444 2052  NdisWan - ok
11:57:06.0463 2052  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:57:06.0521 2052  NDProxy - ok
11:57:06.0571 2052  [ 1352E1648213551923A0A822E441553C ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
11:57:06.0607 2052  Netaapl - ok
11:57:06.0651 2052  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:57:06.0711 2052  NetBIOS - ok
11:57:06.0743 2052  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:57:06.0809 2052  NetBT - ok
11:57:06.0821 2052  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
11:57:06.0850 2052  Netlogon - ok
11:57:06.0889 2052  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
11:57:06.0965 2052  Netman - ok
11:57:07.0016 2052  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:57:07.0040 2052  NetMsmqActivator - ok
11:57:07.0047 2052  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:57:07.0069 2052  NetPipeActivator - ok
11:57:07.0093 2052  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
11:57:07.0156 2052  netprofm - ok
11:57:07.0165 2052  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:57:07.0203 2052  NetTcpActivator - ok
11:57:07.0209 2052  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:57:07.0232 2052  NetTcpPortSharing - ok
11:57:07.0500 2052  [ A520AED8926AD6185031B9B18F55397E ] NETw5s32        C:\Windows\system32\DRIVERS\NETw5s32.sys
11:57:07.0846 2052  NETw5s32 - ok
11:57:07.0981 2052  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
11:57:08.0178 2052  netw5v32 - ok
11:57:08.0413 2052  [ 6DE8D8D6E23F42D819EAE39FA3F6F31D ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
11:57:08.0706 2052  NETwNs32 - ok
11:57:08.0744 2052  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:57:08.0770 2052  nfrd960 - ok
11:57:08.0799 2052  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:57:08.0871 2052  NlaSvc - ok
11:57:08.0895 2052  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:57:08.0957 2052  Npfs - ok
11:57:08.0986 2052  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
11:57:09.0053 2052  nsi - ok
11:57:09.0071 2052  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:57:09.0131 2052  nsiproxy - ok
11:57:09.0180 2052  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:57:09.0257 2052  Ntfs - ok
11:57:09.0282 2052  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
11:57:09.0347 2052  Null - ok
11:57:09.0395 2052  [ 97564839DC47131BB5E1EAFD1F884415 ] nuvotoncir      C:\Windows\system32\DRIVERS\nuvotoncir.sys
11:57:09.0426 2052  nuvotoncir - ok
11:57:09.0511 2052  [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
11:57:09.0535 2052  NVHDA - ok
11:57:20.0966 2052  [ 42BA22394C499648C03079742BFA593B ] Te.Service      C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
11:57:20.0993 2052  Te.Service ( UnsignedFile.Multi.Generic ) - warning
11:57:20.0993 2052  Te.Service - detected UnsignedFile.Multi.Generic (1)
11:57:28.0254 2052  ================ Scan global ===============================
11:57:28.0277 2052  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:57:28.0315 2052  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:57:28.0331 2052  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:57:28.0362 2052  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:57:28.0399 2052  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:57:28.0407 2052  [Global] - ok
11:57:28.0407 2052  ================ Scan MBR ==================================
11:57:28.0422 2052  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:57:28.0861 2052  \Device\Harddisk0\DR0 - ok
11:57:28.0862 2052  ================ Scan VBR ==================================
11:57:28.0866 2052  [ AB878493A346B8414868ECF3F3B3A2D2 ] \Device\Harddisk0\DR0\Partition1
11:57:28.0868 2052  \Device\Harddisk0\DR0\Partition1 - ok
11:57:28.0870 2052  ============================================================
11:57:28.0870 2052  Scan finished
11:57:28.0870 2052  ============================================================
11:57:28.0888 4592  Detected object count: 2
11:57:28.0888 4592  Actual detected object count: 2
11:57:47.0076 4592  libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:47.0076 4592  libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:47.0077 4592  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:47.0077 4592  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

07.10.2012, 18:57   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

07.10.2012, 20:23   #25
wbx32
 

COMBOFIX LOG:


Code:
ATTFilter
ComboFix 12-10-04.02 - Ozan 07.10.2012  21:07:21.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3067.2018 [GMT 2:00]
ausgeführt von:: c:\users\Ozan\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ozan\AppData\Roaming\KW
c:\users\Ozan\AppData\Roaming\KW\bl0001.dat
c:\users\Ozan\AppData\Roaming\KW\bl0002.dat
c:\users\Ozan\AppData\Roaming\KW\bl0003.dat
c:\users\Ozan\AppData\Roaming\KW\bl0004.dat
c:\users\Ozan\AppData\Roaming\KW\bl0005.dat
c:\users\Ozan\AppData\Roaming\KW\bl0006.dat
c:\users\Ozan\AppData\Roaming\KW\bl0007.dat
c:\users\Ozan\AppData\Roaming\KW\bl0008.dat
c:\users\Ozan\AppData\Roaming\KW\bl0009.dat
c:\users\Ozan\AppData\Roaming\KW\bl0010.dat
c:\users\Ozan\AppData\Roaming\KW\bl0011.dat
c:\users\Ozan\AppData\Roaming\KW\bl0012.dat
c:\users\Ozan\AppData\Roaming\KW\bl0013.dat
c:\users\Ozan\AppData\Roaming\KW\bl0014.dat
c:\users\Ozan\AppData\Roaming\KW\bl0015.dat
c:\users\Ozan\AppData\Roaming\KW\bl0016.dat
c:\users\Ozan\AppData\Roaming\KW\bl0017.dat
c:\users\Ozan\AppData\Roaming\KW\bl0018.dat
c:\users\Ozan\AppData\Roaming\KW\bl0019.dat
c:\users\Ozan\AppData\Roaming\KW\bl0020.dat
c:\users\Ozan\AppData\Roaming\KW\bl0021.dat
c:\users\Ozan\AppData\Roaming\KW\bl0022.dat
c:\users\Ozan\AppData\Roaming\KW\bl0023.dat
c:\users\Ozan\AppData\Roaming\KW\bl0024.dat
c:\users\Ozan\AppData\Roaming\KW\bl0025.dat
c:\users\Ozan\AppData\Roaming\KW\bl0026.dat
c:\users\Ozan\AppData\Roaming\KW\bl0027.dat
c:\users\Ozan\AppData\Roaming\KW\bl0028.dat
c:\users\Ozan\AppData\Roaming\KW\bl0029.dat
c:\users\Ozan\AppData\Roaming\KW\bl0030.dat
c:\users\Ozan\AppData\Roaming\KW\bl0031.dat
c:\users\Ozan\AppData\Roaming\KW\bl0032.dat
c:\users\Ozan\AppData\Roaming\KW\bl0033.dat
c:\users\Ozan\AppData\Roaming\KW\bl0034.dat
c:\users\Ozan\AppData\Roaming\KW\bl0035.dat
c:\users\Ozan\AppData\Roaming\KW\bl0036.dat
c:\users\Ozan\AppData\Roaming\KW\bl0037.dat
c:\users\Ozan\AppData\Roaming\KW\bl0038.dat
c:\users\Ozan\AppData\Roaming\KW\bl0039.dat
c:\users\Ozan\AppData\Roaming\KW\bl0040.dat
c:\users\Ozan\AppData\Roaming\KW\black.lst
c:\users\Ozan\AppData\Roaming\KW\bonus.kkll
c:\users\Ozan\AppData\Roaming\KW\max_drv.sys
c:\users\Ozan\AppData\Roaming\KW\unrar.dll
c:\users\Ozan\AppData\Roaming\KW\update.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-07 bis 2012-10-07  ))))))))))))))))))))))))))))))
.
.
2012-10-07 19:18 . 2012-10-07 19:19	--------	d-----w-	c:\users\Ozan\AppData\Local\temp
2012-10-07 19:18 . 2012-10-07 19:18	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-10-07 19:18 . 2012-10-07 19:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-07 15:23 . 2012-10-07 17:12	--------	d-----w-	C:\Symbols
2012-10-06 19:20 . 2012-10-06 19:45	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-10-06 17:48 . 2012-10-06 17:48	--------	d-----w-	C:\_OTL
2012-10-05 19:48 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8D6842D-0F3D-4898-A513-A03BD5F1762A}\mpengine.dll
2012-10-05 18:07 . 2012-10-05 18:07	--------	d-----w-	c:\program files\Common Files\Microsoft
2012-10-05 18:06 . 2012-10-05 18:06	--------	d-----w-	c:\program files\Windows Kits
2012-10-05 17:57 . 2012-10-05 18:05	--------	d-----w-	c:\programdata\Package Cache
2012-10-04 20:51 . 2012-10-04 20:51	--------	d-----w-	c:\users\Ozan\AppData\Local\Secunia PSI
2012-10-04 20:51 . 2012-10-04 20:51	--------	d-----w-	c:\program files\Secunia
2012-10-04 20:21 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-09-30 00:45 . 2012-09-30 00:45	--------	d-----w-	c:\users\Ozan\AppData\Roaming\Malwarebytes
2012-09-30 00:45 . 2012-09-30 00:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-26 12:18 . 2012-08-21 20:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-24 17:56 . 2012-10-05 10:41	--------	d-----w-	c:\program files\Common Files\Steam
2012-09-24 17:56 . 2012-10-07 15:12	--------	d-----w-	c:\program files\Steam
2012-09-24 13:04 . 2012-09-24 13:04	--------	d-----w-	c:\program files\2K Games
2012-09-21 22:56 . 2012-08-24 07:34	140936	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-09-21 22:17 . 2012-09-21 22:17	--------	d-----w-	c:\program files\Common Files\Java
2012-09-21 22:17 . 2012-09-21 22:17	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-16 09:40 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 09:39 . 2012-09-16 09:39	--------	d-----w-	c:\program files\iPod
2012-09-16 09:38 . 2012-09-16 09:39	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-16 09:38 . 2012-09-16 09:39	--------	d-----w-	c:\program files\iTunes
2012-09-12 17:44 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 17:44 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 17:44 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 17:44 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 17:44 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 17:44 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-08 15:26 . 2012-09-08 15:26	--------	d-----w-	c:\program files\drahtwerk
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-04 18:12 . 2012-03-29 14:49	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-04 18:12 . 2012-03-07 02:26	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 22:17 . 2012-03-12 22:17	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-21 22:17 . 2012-03-07 02:19	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-07-27 20:51 . 2012-07-27 20:51	47512	----a-w-	c:\windows\system32\AdobePDF.dll
2012-07-27 20:51 . 2012-07-27 20:51	22936	----a-w-	c:\windows\system32\AdobePDFUI.dll
2012-07-18 17:47 . 2012-08-15 09:23	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-18 16:23 . 2012-07-17 21:56	139848	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-07-18 16:23 . 2012-07-18 16:23	282696	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-07-18 16:23 . 2012-05-06 14:01	282696	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-07-17 21:56 . 2012-07-17 21:56	138904	----a-w-	c:\users\Ozan\AppData\Roaming\PnkBstrK.sys
2012-07-17 21:56 . 2012-05-06 14:01	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-07-17 21:56 . 2012-05-06 14:01	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-09-06 01:26 . 2012-09-23 15:47	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Ozan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Ozan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Ozan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2012-09-24 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"LicenseProxy"="c:\program files\LicenseProxy\LicenseProxy.exe" [2012-02-26 292352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
.
c:\users\Ozan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MotDViewer.lnk - c:\windows\System32\javaw.exe [2012-9-22 174056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-3-7 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Ozan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Ozan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 16:22	91520	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19	3671872	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-22 12:01]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-22 12:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ozan\AppData\Roaming\Mozilla\Firefox\Profiles\2y409ch6.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
HKLM-Run-Driver Genius - (no file)
MSConfigStartUp-PowerDVD12Agent - c:\program files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
MSConfigStartUp-PowerDVD12DMREngine - c:\program files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer1.hs-esslingen.de#work]
@DACL=(02 0000)
"_CommentFromDesktopINI"=""
"_LabelFromDesktopINI"=""
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer2.hs-esslingen.de#public]
@DACL=(02 0000)
"_CommentFromDesktopINI"=""
"_LabelFromDesktopINI"=""
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf09-67c5-11e1-b9ac-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf15-67c5-11e1-b9ac-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4237396834-4016416428-3805799152-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
   00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-07  21:21:34
ComboFix-quarantined-files.txt  2012-10-07 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 232.512.303.104 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 232.406.716.416 Bytes frei
.
- - End Of File - - A6B5A39A0208D3378038B1269910CBFC
         

07.10.2012, 20:47   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to switch off your virus scanner; the scanner from McAfee in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later) please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

09.10.2012, 13:45   #27
wbx32

The log from OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:50:52 on 09.10.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Ozan\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - ? - C:\Program Files\Launch Manager\DPortIO.sys  (File not found)
"LibUsb-Win32 - Kernel Driver, Version 0.1.12.2" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\Windows\System32\drivers\libusb0.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Workspaces" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ozan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"MotDViewer.lnk" - "Oracle Corporation" - C:\Windows\System32\javaw.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scrybe.lnk" - "Synaptics Incorporated" - C:\Program Files\Synaptics\Scrybe\scrybe.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avp" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LicenseProxy" - "MAFIA" - "C:\Program Files\LicenseProxy\LicenseProxy.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage-Technologie" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Scrybe-Updateprogramm" (ScrybeUpdater) - "Synaptics, Inc." - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Te.Service" (Te.Service) - "Microsoft Corporation" - C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Here is the GMER log
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-09 13:58:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006b ATA_____ rev.0303
Running: 55t4guxr.exe; Driver: C:\Users\Ozan\AppData\Local\Temp\kxldapog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwAdjustPrivilegesToken [0x91D5128A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwAlpcConnectPort [0x91D6B342]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwAlpcCreatePort [0x91D6B678]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwAlpcSendWaitReceivePort [0x91D6B9EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwClose [0x91D51D04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwConnectPort [0x91D6B02A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateEvent [0x91D52276]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateMutant [0x91D52164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreatePort [0x91D6B4E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateSection [0x91D51046]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateSemaphore [0x91D5238E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateThread [0x91D518BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateThreadEx [0x91D51A2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateUserProcess [0x91D524A6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwCreateWaitablePort [0x91D6B5B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwDebugActiveProcess [0x91D5274E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwDeviceIoControlFile [0x91D51D46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwDuplicateObject [0x91D53750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwLoadDriver [0x91D52840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwMapViewOfSection [0x91D52DAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwNotifyChangeKey [0x91D69840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenEvent [0x91D52308]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenMutant [0x91D521F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenProcess [0x91D514C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenSection [0x91D52B90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenSemaphore [0x91D52420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwOpenThread [0x91D513B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwQueryDirectoryObject [0x91D5255C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwQueryObject [0x91D69A38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwQuerySection [0x91D530D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwQueueApcThread [0x91D529E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwReplyPort [0x91D6B7DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwReplyWaitReceivePort [0x91D6B72A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwRequestWaitReplyPort [0x91D6B848]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwResumeThread [0x91D535F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSecureConnectPort [0x91D6B1B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSetContextThread [0x91D51BA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSetInformationToken [0x91D525FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSetSystemInformation [0x91D53222]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSuspendProcess [0x91D53316]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSuspendThread [0x91D53450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwSystemDebugControl [0x91D52670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwTerminateProcess [0x91D51664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwTerminateThread [0x91D515BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwUnmapViewOfSection [0x91D52F8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                                                            ZwWriteVirtualMemory [0x91D51750]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                        82E403C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                          82E79D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                                                             82E80D8C 4 Bytes  [8A, 12, D5, 91] {MOV DL, [EDX]; AAD 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                                             82E80DB4 8 Bytes  [42, B3, D6, 91, 78, B6, D6, ...] {INC EDX; MOV BL, 0xd6; XCHG ECX, EAX; JS 0xffffffffffffffbc; SALC ; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                                                             82E80DF8 4 Bytes  [EE, B9, D6, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                                                             82E80E24 4 Bytes  [04, 1D, D5, 91] {ADD AL, 0x1d; AAD 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                                                             82E80E48 4 Bytes  [2A, B0, D6, 91]
.text           ...                                                                                                                                             

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2748] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]   [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4708] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]          [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]         [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4708] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]        [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4708] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]       [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4708] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]        [7553FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                         Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                         Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000052                                                                                                               halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Threads - GMER 1.0.15 ----

Thread          System [4:5148]                                                                                                                                 B5851F2E

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer1.hs-esslingen.de#work@_CommentFromDesktopINI                       
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer1.hs-esslingen.de#work@_LabelFromDesktopINI                         
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer2.hs-esslingen.de#public@_CommentFromDesktopINI                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##filer2.hs-esslingen.de#public@_LabelFromDesktopINI                       
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume                                                                 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\Name                                
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\Name@SetWorkingDirectoryFromTarget  
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\Name@                               GRAW2_INST
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\_Autorun                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\_Autorun\DefaultIcon                
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dddcf0c-67c5-11e1-b9ac-806e6f6e6963}\_Autorun\DefaultIcon@               D:\SETUP.EXE,0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell@                              None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell\Autoplay                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell\Autoplay@MUIVerb              @shell32.dll,-8507
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell\Autoplay\DropTarget           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dfc8004-6f6a-11e1-a29b-00238b5ed3d9}\shell\Autoplay\DropTarget@CLSID     {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell@                              None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell\Autoplay                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell\Autoplay@MUIVerb              @shell32.dll,-8507
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell\Autoplay\DropTarget           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f63bc3b-684c-11e1-b9e7-00238b5ed3d9}\shell\Autoplay\DropTarget@CLSID     {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell@                              None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell\Autoplay                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell\Autoplay@MUIVerb              @shell32.dll,-8507
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell\Autoplay\DropTarget           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e691f93-8636-11e1-a35d-00238b5ed3d9}\shell\Autoplay\DropTarget@CLSID     {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell@                              None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell\Autoplay                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell\Autoplay@MUIVerb              @shell32.dll,-8507
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell\Autoplay\DropTarget           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c1b65e-9298-11e1-a1f2-00238b5ed3d9}\shell\Autoplay\DropTarget@CLSID     {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\Name                                
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\Name@SetWorkingDirectoryFromTarget  
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\Name@                               Bastion
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\_Autorun                            
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\_Autorun\DefaultIcon                
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\_Autorun\DefaultIcon@               E:\Borderlands2.ico
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\_Autorun\DefaultLabel               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c832ad1d-96b0-11e1-a62e-00238b5ed3d9}\_Autorun\DefaultLabel@              Borderlands 2
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell@                              None
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell\Autoplay                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell\Autoplay@MUIVerb              @shell32.dll,-8507
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell\Autoplay\DropTarget           
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87897c7-84c2-11e1-a3d1-00238b5ed3d9}\shell\Autoplay\DropTarget@CLSID     {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

---- EOF - GMER 1.0.15 ----
         
aswMBR.exe crashes on my machine a few seconds after I start the scan

09.10.2012, 15:21   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
aswMBR.exe crashes on my machine a few seconds after I start the scan
At the very bottom of my instructions there was a note specifically for this case
__________________
Please always post log files in CODE tags

09.10.2012, 16:56   #29
wbx32
 

Here is the aswMBR log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 17:53:16
-----------------------------
17:53:16.476    OS Version: Windows 6.1.7601 Service Pack 1
17:53:16.476    Number of processors: 2 586 0x170A
17:53:16.481    ComputerName: OZAN-PC  UserName: Ozan
17:53:23.959    Initialize success
17:53:35.456    AVAST engine defs: 12100900
17:53:47.276    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
17:53:47.280    Disk 0 Vendor: ATA_____ 0303 Size: 305245MB BusType: 11
17:53:47.295    Disk 0 MBR read successfully
17:53:47.299    Disk 0 MBR scan
17:53:47.306    Disk 0 Windows 7 default MBR code
17:53:47.320    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305243 MB offset 2048
17:53:47.340    Disk 0 scanning sectors +625139712
17:53:47.504    Disk 0 scanning C:\Windows\system32\drivers
17:54:05.720    Service scanning
17:54:21.007    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
17:54:21.060    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
17:54:21.193    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
17:54:21.253    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
17:54:46.719    Modules scanning
17:54:59.410    Disk 0 trace - called modules:
17:54:59.422    
17:54:59.431    Scan finished successfully
17:55:18.335    Disk 0 MBR has been saved successfully to "C:\Users\Ozan\Desktop\MBR.dat"
17:55:18.351    The log file has been saved successfully to "C:\Users\Ozan\Desktop\aswMBR.txt"
         

09.10.2012, 18:52   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
