12 KB Verschlüsselungstrojaner

Onesirow0202 · 24.02.2013, 22:20

Guten Abend,
Ich habe mir den 12KB Verschlüsselungstrojaner über eine Fake E-Mail eingefangen.
Erstes Anzeichen war das auf dem Bildschirm auftauchte,
"Dieser Computer wurde durch das BKA gesperrt"
und ich müsste eine bestimmte Summe bezahlen damit mein PC wieder freigeschaltet wird.
Ich bin dann über meinen Laptop ins Internet gegangen
und konnte so per Anleitung mir erstmal helfen,
dass ich wieder auf den Rechner zugreifen konnte.
Dann habe ich das Programm Malwarebytes ausgeführt und
alles gelöscht was es gefunden hat.
Jetzt sind alle Dateien verschlüsselt (QgyEjLyEjLyQgJruOJruO).
Auf der Festplatte C: konnte ich alles über die Option Frühere Version wieder herstellen,
nur auf meinen 2 anderen Festplatten ist alles noch Verschlüsselt.
Dort habe ich z.B. Urlaubsvideos gespeichert
und bei diesen ist es schwer noch an ein Backup zu kommen.
Ich habe die E-Mail noch in meinem Account gespeichert samt Anhang,
nur weis ich nicht wie ich die gesamte E-Mail mit Anhang speichern soll.
Habe mich auch schon per PN an Herrn MarkusG gewand.

Ich bedanke mich hiermit schon einmal

Mfg Onesirow0202

Ps.: Hier ist noch die Log von Malwarebytes als Anhang im .txt Format

cosinus · 24.02.2013, 22:24

Hallo und

Zitat:

nur auf meinen 2 anderen Festplatten ist alles noch Verschlüsselt.
Dort habe ich z.B. Urlaubsvideos gespeichert

Zum Thema Verschlüsselungstrojaner haben wir oben extra einen Hinweis angepinnt!

Eine Entschlüsselung ist unwahrscheinlich bis unmöglich!

Zitat:

3. Bei Dateien wie locked-<DATEINAME>.<ENDUNG>.wxyz entschlüsseln:Übersicht der 8 Entschlüsselungs-Tools
ansonsten Daten retten / Daten wiederherstellen: Daten retten nach Verschlüsselungstrojaner

Wenn das keine einfache Verschlüsselung mit "locked-" im Dateinamen ist, sollte man sich um Datenrettung und nicht um Entschlüsselung kümmern!
Wenn Vista oder Win7 im Einsatz sind, den ShadowExplorer testen! Aber keine unnötige Zeit mit Entschlüsselungsversuchen verschwenden

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html

Onesirow0202 · 24.02.2013, 22:28

@ cosinus
das ist ja das Problem man merkt so etwas immer dann wenn es zu spät ist.

Wie ich ja schon geschrieben habe ist bei mir ohne Locked (leider)

Mfg Onesirow0202

cosinus · 24.02.2013, 22:31

Und was soll ich da jetzt machen?
Ich kann deine Daten auch nicht mehr herzaubern
Entschlüsseln kannste vergessen, da geht nicht und es gibt auch kein Tools dafür.
Jetzt helfen nur noch Schattenkopien (wenn aktiv) oder ein Backup was früher gemacht wurde

Onesirow0202 · 24.02.2013, 22:42

@ cosinus
da denke ich kann kaum Jemand was machen.
Es sollte sich auch bestimmt nicht so anhören nur als erstes liest man ja oben das man das mit dem Log File und seinem Prolem posten soll.

Mfg Onesirow0202

cosinus · 24.02.2013, 22:45

Was hast du denn jetzt vor? Willst du das System putzen oder plätten und komplett neu installieren?

Onesirow0202 · 24.02.2013, 22:52

Genau da bin ich mit mir noch am hardern weil das Betriebssystem wieder ohne Probleme am laufen ist.

Mfg Onesirow0202

cosinus · 24.02.2013, 23:00

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Onesirow0202 · 24.02.2013, 23:37

So hier sind ein mal die gewünschten Log Files

Code:

ATTFilter

OTL logfile created on: 24.02.2013 23:05:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\**************\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,29% Memory free
4,00 Gb Paging File | 2,21 Gb Available in Paging File | 55,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 425,86 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 71,65 Gb Free Space | 15,38% Space Free | Partition Type: NTFS
Drive E: | 2,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 152,66 Gb Total Space | 112,98 Gb Free Space | 74,01% Space Free | Partition Type: NTFS
 
Computer Name: ************* | User Name: ************* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**************\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\**************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Users\Moritz Weidner\AppData\Local\Temp\Traymonitor.exe ()
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\**************\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Users\Moritz Weidner\AppData\Local\Temp\Traymonitor.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\Q-Button\vvc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\Q-Button\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\Q-Button\AiNap.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 31 5B D0 AE 12 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\*******~1\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
 
[2013.02.01 20:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******* *******\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.15 18:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\******* *******\AppData\Roaming\mozilla\firefox\profiles\extensions\socksharedownloader@socksharedownloader.com.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT2653012&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10949300601796513&ctid=CT2653012
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT2653012&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Moritz Weidner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\**************\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Yontoo = C:\Users\**************\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Socksharedownloader = C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlfohjgijhjlpidbbnmcdooegafnnnm\1.0_0\
CHR - Extension: Google Mail = C:\Users\**************\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AutoLoader] "C:\Users\MORITZ~1\AppData\Local\Temp\Traymonitor.exe" File not found
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Spotify] C:\Users\**************\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\******* *******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\**************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\**************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B7E4CC-CCE2-419D-AA63-46387A8EA9A2}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.30 23:56:29 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.24 21:37:58 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\Programs
[2013.02.24 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\**************\Desktop\Neuer Ordner (5)
[2013.02.24 17:47:12 | 000,000,000 | ---D | C] -- C:\Users\**************\Desktop\Neuer Ordner
[2013.02.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Users\Moritz Weidner\Doctor Web
[2013.02.24 16:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013.02.24 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.02.24 16:45:49 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\www.shadowexplorer.com
[2013.02.24 16:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2013.02.24 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2013.02.24 14:42:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.02.24 14:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.02.24 14:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.02.24 14:38:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\MFAData
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\Avg2013
[2013.02.18 18:22:51 | 000,000,000 | ---D | C] -- C:\Users\******* *******\Documents\OpenTTD
[2013.02.18 18:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2013.02.18 18:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenTTD
[2013.02.12 13:52:01 | 000,000,000 | ---D | C] -- C:\Users\**************\Desktop\Neuer Ordner (3)
[2013.02.12 12:40:56 | 000,000,000 | ---D | C] -- C:\Users\**************\Desktop\Neuer Ordner (2)
[2013.02.12 00:20:52 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\FlashGet
[2013.02.12 00:20:46 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet
[2013.02.12 00:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet
[2013.02.09 12:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.02.09 12:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.02.09 12:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Codec Pack
[2013.02.06 22:31:40 | 000,000,000 | ---D | C] -- C:\Users\******* *******\Desktop\qotrdecoder-win32-0.0.247-r1132
[2013.02.06 21:21:02 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\Logitech® Webcam-Software
[2013.02.06 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\LogiShrd
[2013.02.06 21:10:20 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Leadertech
[2013.02.06 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.02.06 21:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.02.06 21:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2013.02.06 21:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.06 21:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013.02.06 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.02.06 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.06 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\ooVoo Details
[2013.02.06 21:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2013.02.06 21:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2013.02.06 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\WinRAR
[2013.02.06 19:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.06 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.06 19:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.06 18:17:10 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013.02.06 18:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.03 20:51:37 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\Microsoft Games
[2013.02.02 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\Spotify
[2013.02.02 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Spotify
[2013.02.01 20:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.02.01 20:43:32 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\PutLockerDownloader
[2013.02.01 20:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.01 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SockshareDownloader
[2013.02.01 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Mozilla
[2013.02.01 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SockshareDownloader.com
[2013.02.01 15:10:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.01 15:10:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.01 15:10:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.28 21:38:42 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Local\CRE
[2013.01.28 21:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2013.01.28 21:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giraffic
[2013.01.28 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc
[2013.01.28 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2013.01.28 15:44:10 | 000,000,000 | ---D | C] -- C:\Users\******* *******\AppData\Roaming\OpenOffice.org
[2013.01.28 15:43:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
[2013.01.28 15:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.01.28 15:40:57 | 000,000,000 | ---D | C] -- C:\Users\******* *******\Desktop\OpenOffice.org 3.2 (de) Installation Files
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.24 23:03:06 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.02.24 23:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 22:56:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.24 22:28:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.24 22:28:52 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.24 22:28:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.24 22:28:52 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.24 22:28:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 22:23:15 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 22:23:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 22:22:55 | 1609,961,472 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 16:50:22 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.02.24 16:45:35 | 000,001,885 | ---- | M] () -- C:\Users\******* *******\Desktop\ShadowExplorer.lnk
[2013.02.18 18:22:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2013.02.12 10:15:43 | 000,001,108 | ---- | M] () -- C:\Users\****** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.02.12 00:20:46 | 000,001,007 | ---- | M] () -- C:\Users\****** *******\Desktop\FlashGet.lnk
[2013.02.07 21:51:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.07 21:51:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 21:10:57 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2013.02.06 21:09:01 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2013.02.06 21:01:28 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013.02.06 18:21:04 | 000,000,910 | ---- | M] () -- C:\Users\****** *******\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.02.06 18:18:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.06 16:29:40 | 000,001,786 | ---- | M] () -- C:\Users\****** *******\Desktop\2009Decoder - Verknüpfung.lnk
[2013.02.03 15:45:17 | 000,002,355 | ---- | M] () -- C:\Windows\unins000.dat
[2013.02.03 15:45:14 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013.02.02 12:21:46 | 000,001,812 | ---- | M] () -- C:\Users\****** *******\Desktop\Spotify.lnk
[2013.01.28 21:38:47 | 000,000,009 | ---- | M] () -- C:\END
[2013.01.28 21:37:52 | 000,002,211 | ---- | M] ()  C:\Users\*************\Desktop\Veoh Web Player.lnk
[2013.01.28 21:20:43 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.28 15:44:48 | 000,001,235 | ---- | M] () -- C:\Users\Moritz Weidner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2013.01.28 15:43:26 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2013.01.27 19:15:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.02.24 20:41:34 | 000,000,195 | ---- | C] () -- C:\Users\****** *******\Desktop\QuickStores.url
[2013.02.24 16:50:22 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.02.24 16:45:35 | 000,001,885 | ---- | C] () -- C:\Users\****** *******\Desktop\ShadowExplorer.lnk
[2013.02.18 18:22:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2013.02.12 10:15:43 | 000,001,108 | ---- | C] () -- C:\Users\****** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.02.12 00:20:46 | 000,001,007 | ---- | C] () -- C:\Users\****** *******\Desktop\FlashGet.lnk
[2013.02.09 12:19:37 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.02.09 12:19:37 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.09 12:19:37 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.02.09 12:19:37 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.09 12:19:37 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.02.09 12:19:37 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.02.06 21:10:57 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2013.02.06 21:09:01 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2013.02.06 21:01:28 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013.02.06 18:21:04 | 000,000,910 | ---- | C] () -- C:\Users\****** *******\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.02.06 18:18:51 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.02.06 18:18:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.06 16:29:40 | 000,001,786 | ---- | C] () -- C:\Users\****** *******\Desktop\2009Decoder - Verknüpfung.lnk
[2013.02.03 15:45:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.02.03 15:45:17 | 000,002,355 | ---- | C] () -- C:\Windows\unins000.dat
[2013.02.02 12:21:47 | 000,001,798 | ---- | C] () -- C:\Users\****** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.02.02 12:21:46 | 000,001,812 | ---- | C] () -- C:\Users\****** *******\Desktop\Spotify.lnk
[2013.01.28 21:38:29 | 000,000,009 | ---- | C] () -- C:\END
[2013.01.28 21:37:52 | 000,002,211 | ---- | C] () -- C:\Users\*************\Desktop\Veoh Web Player.lnk
[2013.01.28 15:44:48 | 000,001,235 | ---- | C] () -- C:\Users\****** *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2013.01.28 15:43:26 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2013.01.27 19:15:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.14 16:43:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.01.14 16:43:30 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.01.14 16:39:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.14 16:34:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.01.14 16:34:26 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.01.14 16:25:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.12 00:20:52 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\FlashGet
[2013.02.06 21:10:20 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\Leadertech
[2013.02.06 21:01:39 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\ooVoo Details
[2013.01.28 15:44:10 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\OpenOffice.org
[2013.01.14 17:38:33 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\QuickStoresToolbar
[2013.02.24 22:23:47 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\Spotify
[2013.02.24 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\***** *******\AppData\Roaming\www.shadowexplorer.com
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 24.02.2013 23:05:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moritz Weidner\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,29% Memory free
4,00 Gb Paging File | 2,21 Gb Available in Paging File | 55,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 425,86 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 71,65 Gb Free Space | 15,38% Space Free | Partition Type: NTFS
Drive E: | 2,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 152,66 Gb Total Space | 112,98 Gb Free Space | 74,01% Space Free | Partition Type: NTFS
 
Computer Name: ************* | User Name: ************* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2243EDA9-77F0-4BF6-9BEA-F6957BB2DF4C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{298BA250-FB8C-4B31-9F96-D0492E3B2151}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2CCAE2A9-5963-4EA5-A5E5-56993AFFA7E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D94317F-E52F-48F1-88A7-51B93685D2F3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{39780D52-1987-416A-8150-9B5D5031E8B3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{608B7567-CE79-4666-9334-9D0E1682DE25}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{654E7646-0590-407C-A12E-E3733AF5EFBB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7465D74F-B86A-4D2F-B129-F28D26E7F6AD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B7D76D1-8B58-4D8F-B176-EB1987AE8562}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B19388AE-C30B-40B3-8022-5CF0909AE9BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B1B9070E-239F-4171-9188-BCB3F825D7FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B3E2A9E4-09E0-4A4E-B0D0-C8F5D1921A74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDFB6A61-2767-4EED-B69E-4C758AB0C8A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E065DBDB-C3BB-4616-92DE-A1D57F196C4F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{E0E59AD6-68B0-4F1D-8E5B-1EF771D37229}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{EDF62D56-557A-484D-BAA5-BDDAE8F27F6D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F24A1F36-DCD8-4B95-A10E-3CA81E917850}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF7CA30A-2F57-4268-8247-82236BBBB8C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB85317-DEF5-4F90-8615-9120C63ECAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{123EC797-050E-4949-91F4-A52A5619F48E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{468C205C-0C42-4FC6-A757-C9E72EE8EE52}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4713DD1D-8FFB-47F3-A901-6291D3E29DB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61F9AF04-2ADE-4737-9EC2-1F6F57E2797B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{678E2D83-3718-4AA9-951B-098C8E03C100}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{69731983-E876-441B-9C1C-D91320F234D2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{82A1B349-657E-45AA-A6BF-9148855ECD66}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C0E9D77-08FB-4E30-864F-43C312AC8C13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DC22070-A165-4B5E-8667-C80BB43BE36B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{9109E53F-2E30-4BCE-A38B-8CC344A5B127}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{9501D0E9-2BE7-418A-BC29-1A6B90F4EEA6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C3C8064B-B666-41C4-87B8-F40A79610D53}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C4628B42-8399-459E-A81C-C092963BBF46}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CEC107A3-9381-4CF7-97BF-5EA1FE63337D}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{DC4F2DB0-1B06-41D6-B0F6-05F4C7F6A304}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E41899C1-DD47-4176-90C4-B3042E2F89AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ECC0D43B-BA1A-41A3-8FB1-C495B1511830}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EE206B8B-9971-4EF9-A1AF-856A53223C4E}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{F475FC42-5931-4F12-884E-945CDC12441C}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"TCP Query User{08B34C0B-E5F7-492A-B3D4-9F71394AA7CF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{33B84C85-2286-4196-888F-3070508DEC3D}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{66BE2F7D-303B-4549-A920-FDC9248600C5}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{76ED9430-527E-4EF5-859F-B6ECF70DA2D8}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{9FB0E348-476C-497B-A12F-4D3E4856FBF4}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
"TCP Query User{EE8D0A0A-3B44-4CA4-B208-AECAA88CEF03}C:\users\moritz weidner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\moritz weidner\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0BE0D0DC-4D68-4140-A4B1-DA57794F0FD7}C:\users\moritz weidner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\moritz weidner\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{11A9D442-9298-4749-A65C-8970533B64D4}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"UDP Query User{31ED3A4F-2F05-440E-B45A-7CD91A0657BA}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"UDP Query User{50FA4051-7291-4622-B2D0-C984AE5C0E7F}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{EB39014B-9CC5-4631-B211-1180008A0154}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{EC6579C6-3909-4077-AAFB-7DA9B605C6E1}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1ClickDownload" = SockshareDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FlashGet" = FlashGet 1.9.6.1073
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Logitech Vid" = Logitech Vid HD
"OpenTTD" = OpenTTD 1.2.0${APPV_EXTRA}
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"ShadowExplorer_is1" = ShadowExplorer 0.9
"Star Trek Online" = Star Trek Online
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.5
"Windows Codec Pack1.0" = Windows Codec Pack
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2013 11:15:38 | Computer Name = ************** | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 24.02.2013 11:20:55 | Computer Name = ************** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f67a718  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xb14  Startzeit der fehlerhaften Anwendung: 0x01ce12a272a3cb30  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe  Pfad des fehlerhaften 
Moduls: unknown  Berichtskennung: c8021a00-7e95-11e2-917d-002618afda58
 
Error - 24.02.2013 11:47:28 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Moritz
 Weidner\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe". Fehler in
Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 11:47:28 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*******
 *******\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 11:51:40 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "F:\SoftonicDownloader_fuer_windows-live-messenger.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 15:31:45 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "\\localhost\C$\@GMT-2013.02.20-08.06.38\Users\*******
 *******\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe". Fehler in
Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 15:31:45 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "\\localhost\C$\@GMT-2013.02.20-08.06.38\Users\*******
 *******\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 15:34:32 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "\\localhost\C$\@GMT-2013.02.16-12.59.14\Users\*******
 *******\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe". Fehler in
Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 15:34:32 | Computer Name = ************** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "\\localhost\C$\@GMT-2013.02.16-12.59.14\Users\*******
 *******\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 24.02.2013 17:23:35 | Computer Name = ************** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f67a718  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xcbc  Startzeit der fehlerhaften Anwendung: 0x01ce12d52f021250  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe  Pfad des fehlerhaften 
Moduls: unknown  Berichtskennung: 71d556f0-7ec8-11e2-bb9b-002618afda58
 
[ System Events ]
Error - 24.02.2013 11:14:25 | Computer Name = ************** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.02.2013 11:14:25 | Computer Name = ************** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.02.2013 11:14:25 | Computer Name = ************** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.02.2013 11:14:40 | Computer Name = ************** | Source = DCOM | ID = 10005
Description = 
 
Error - 24.02.2013 11:22:10 | Computer Name = ************** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.02.2013 13:24:09 | Computer Name = ************** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.02.2013 15:08:26 | Computer Name = ************** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 24.02.2013 15:08:41 | Computer Name = ************** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 24.02.2013 15:08:56 | Computer Name = ************** | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 24.02.2013 17:25:18 | Computer Name = ************** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >

Mfg Onesirow0202

cosinus · 25.02.2013, 10:13

Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Onesirow0202 · 25.02.2013, 13:10

So hier sind die GMER und MBAR Log-Files

Code:

ATTFilter

GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-25 12:14:54
Windows 6.1.7600  x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5 SAMSUNG_HD502IJ rev.1AA01113 465,76GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\******~1\AppData\Local\Temp\fwlyifoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                  00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                    00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                  00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                  00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                     00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                              00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Moritz Weidner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                     00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                              00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                    00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Moritz Weidner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                         00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                  00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                    00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                       00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                    00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                  00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                              00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                              00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Users\************\AppData\Local\Temp\Traymonitor.exe[1236] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                                                             0000000077ad000c 1 byte [C3]
.text  C:\Users\************\AppData\Local\Temp\Traymonitor.exe[1236] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                        0000000077b5f50a 5 bytes JMP 0000000177b0dba1
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll
?      C:\Windows\system32\mssprxy.dll [4740] entry point in ".rdata" section                                                                                                                                   00000000749c71e6
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                               0000000077adf951 7 bytes {MOV EDX, 0xcaba28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                    0000000077adfb95 7 bytes {MOV EDX, 0xcaba68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                        0000000077adfbc5 7 bytes {MOV EDX, 0xcab9a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                 0000000077adfbdd 7 bytes {MOV EDX, 0xcab928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                   0000000077adfbf5 7 bytes {MOV EDX, 0xcabb28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                 0000000077adfc25 7 bytes {MOV EDX, 0xcabb68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                  0000000077adfca5 7 bytes {MOV EDX, 0xcabae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                 0000000077adfcbd 7 bytes {MOV EDX, 0xcabaa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                           0000000077adfd09 7 bytes {MOV EDX, 0xcab868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                0000000077adfe01 7 bytes {MOV EDX, 0xcab8a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                         0000000077ae0059 7 bytes {MOV EDX, 0xcab828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                   0000000077ae1065 7 bytes {MOV EDX, 0xcab9e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                         0000000077ae10dd 7 bytes {MOV EDX, 0xcab968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                            0000000077ae12e1 7 bytes {MOV EDX, 0xcab8e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                               0000000077adf951 7 bytes {MOV EDX, 0xa40a28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                    0000000077adfb95 7 bytes {MOV EDX, 0xa40a68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                        0000000077adfbc5 7 bytes {MOV EDX, 0xa409a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                 0000000077adfbdd 7 bytes {MOV EDX, 0xa40928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                   0000000077adfbf5 7 bytes {MOV EDX, 0xa40b28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                 0000000077adfc25 7 bytes {MOV EDX, 0xa40b68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                  0000000077adfca5 7 bytes {MOV EDX, 0xa40ae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                 0000000077adfcbd 7 bytes {MOV EDX, 0xa40aa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                           0000000077adfd09 7 bytes {MOV EDX, 0xa40868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                0000000077adfe01 7 bytes {MOV EDX, 0xa408a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                         0000000077ae0059 7 bytes {MOV EDX, 0xa40828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                   0000000077ae1065 7 bytes {MOV EDX, 0xa409e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                         0000000077ae10dd 7 bytes {MOV EDX, 0xa40968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                            0000000077ae12e1 7 bytes {MOV EDX, 0xa408e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                               0000000077adf951 7 bytes {MOV EDX, 0x168e28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                    0000000077adfb95 7 bytes {MOV EDX, 0x168e68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                        0000000077adfbc5 2 bytes [BA, A8]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8                                                                                        0000000077adfbc8 4 bytes [16, 00, FF, E2]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                 0000000077adfbdd 2 bytes [BA, 28]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8                                                                                 0000000077adfbe0 4 bytes [16, 00, FF, E2]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                   0000000077adfbf5 7 bytes {MOV EDX, 0x168f28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                 0000000077adfc25 7 bytes {MOV EDX, 0x168f68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                  0000000077adfca5 7 bytes {MOV EDX, 0x168ee8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                 0000000077adfcbd 7 bytes {MOV EDX, 0x168ea8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                           0000000077adfd09 7 bytes {MOV EDX, 0x168c68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                0000000077adfe01 7 bytes {MOV EDX, 0x168ca8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                         0000000077ae0059 7 bytes {MOV EDX, 0x168c28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                   0000000077ae1065 2 bytes [BA, E8]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8                                                                                   0000000077ae1068 4 bytes {CALL 0xffffffffff001692}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                         0000000077ae10dd 2 bytes [BA, 68]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8                                                                                         0000000077ae10e0 4 bytes [16, 00, FF, E2]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                            0000000077ae12e1 7 bytes {MOV EDX, 0x168ce8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                               0000000077adf951 7 bytes {MOV EDX, 0x95228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                                    0000000077adfb95 7 bytes {MOV EDX, 0x95268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                                        0000000077adfbc5 7 bytes {MOV EDX, 0x951a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                                 0000000077adfbdd 7 bytes {MOV EDX, 0x95128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                                   0000000077adfbf5 7 bytes {MOV EDX, 0x95328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                                 0000000077adfc25 7 bytes {MOV EDX, 0x95368; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                                  0000000077adfca5 7 bytes {MOV EDX, 0x952e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                                 0000000077adfcbd 7 bytes {MOV EDX, 0x952a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                                           0000000077adfd09 7 bytes {MOV EDX, 0x95068; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                                0000000077adfe01 7 bytes {MOV EDX, 0x950a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                                         0000000077ae0059 7 bytes {MOV EDX, 0x95028; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                                   0000000077ae1065 7 bytes {MOV EDX, 0x951e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                                         0000000077ae10dd 7 bytes {MOV EDX, 0x95168; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                            0000000077ae12e1 7 bytes {MOV EDX, 0x950e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000757b1401 2 bytes JMP 75d7eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000757b1419 2 bytes JMP 75d8b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000757b1431 2 bytes JMP 75e08609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000757b144a 2 bytes CALL 75d61dfa C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000757b14dd 2 bytes JMP 75e07efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000757b14f5 2 bytes JMP 75e080d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000757b150d 2 bytes JMP 75e07df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000757b1525 2 bytes JMP 75e081c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000757b153d 2 bytes JMP 75d7f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000757b1555 2 bytes JMP 75d8b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000757b156d 2 bytes JMP 75e086c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000757b1585 2 bytes JMP 75e08222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000757b159d 2 bytes JMP 75e07db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000757b15b5 2 bytes JMP 75d7f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000757b15cd 2 bytes JMP 75d8b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000757b16b2 2 bytes JMP 75e08584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000757b16bd 2 bytes JMP 75e07d4d C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\************\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.25.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Moritz Weidner :: ************ [administrator]

25.02.2013 13:02:41
mbar-log-2013-02-25 (13-02-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28213
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mfg Onesirow0202

cosinus · 25.02.2013, 13:47

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Onesirow0202 · 25.02.2013, 19:08

Bitte schön hier sind die nächsten gewünschten Log-Files

:-)

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 18:48:11
-----------------------------
18:48:11.564    OS Version: Windows x64 6.1.7600 
18:48:11.564    Number of processors: 4 586 0x203
18:48:11.565    ComputerName: ************  UserName: 
18:48:13.314    Initialize success
18:49:31.005    AVAST engine defs: 13022500
18:50:01.504    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
18:50:01.508    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
18:50:01.511    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
18:50:01.515    Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
18:50:01.519    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-7
18:50:01.524    Disk 2 Vendor: Maxtor_6L160P0 BAJ41G20 Size: 156334MB BusType: 3
18:50:01.533    Disk 1 MBR read successfully
18:50:01.536    Disk 1 MBR scan
18:50:01.541    Disk 1 Windows XP default MBR code
18:50:01.553    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       476938 MB offset 2048
18:50:01.581    Disk 1 scanning C:\Windows\system32\drivers
18:50:08.107    Service scanning
18:50:25.253    Modules scanning
18:50:25.266    Disk 1 trace - called modules:
18:50:25.285    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:50:25.293    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80028d3060]
18:50:25.301    3 CLASSPNP.SYS[fffff8800194e43f] -> nt!IofCallDriver -> [0xfffffa80023c5520]
18:50:25.309    5 ACPI.sys[fffff88000edc781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0xfffffa8002489680]
18:50:26.721    AVAST engine scan C:\Windows
18:50:29.592    AVAST engine scan C:\Windows\system32
18:53:30.793    AVAST engine scan C:\Windows\system32\drivers
18:54:11.542    AVAST engine scan C:\Users\************
18:56:20.996    File: C:\Users\************\AppData\Local\Temp\Traymonitor.exe  **INFECTED** Win32:Malware-gen
18:56:43.953    AVAST engine scan C:\ProgramData
18:56:59.875    Scan finished successfully
18:57:09.917    Disk 1 MBR has been saved successfully to "C:\Users\****** ******\Desktop\MBR.dat"
18:57:09.926    The log file has been saved successfully to "C:\Users\****** ******\Desktop\aswMBR.txt"

Code:

ATTFilter

19:01:10.0291 4140  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:01:10.0463 4140  ============================================================
19:01:10.0463 4140  Current date / time: 2013/02/25 19:01:10.0463
19:01:10.0463 4140  SystemInfo:
19:01:10.0463 4140  
19:01:10.0463 4140  OS Version: 6.1.7600 ServicePack: 0.0
19:01:10.0463 4140  Product type: Workstation
19:01:10.0463 4140  ComputerName: ************
19:01:10.0463 4140  UserName: ************a
19:01:10.0463 4140  Windows directory: C:\Windows
19:01:10.0463 4140  System windows directory: C:\Windows
19:01:10.0463 4140  Running under WOW64
19:01:10.0463 4140  Processor architecture: Intel x64
19:01:10.0463 4140  Number of processors: 4
19:01:10.0463 4140  Page size: 0x1000
19:01:10.0463 4140  Boot type: Normal boot
19:01:10.0463 4140  ============================================================
19:01:11.0633 4140  Drive \Device\Harddisk2\DR2 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:12.0070 4140  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:12.0070 4140  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:12.0085 4140  ============================================================
19:01:12.0085 4140  \Device\Harddisk2\DR2:
19:01:12.0085 4140  MBR partitions:
19:01:12.0085 4140  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1314FF99
19:01:12.0085 4140  \Device\Harddisk0\DR0:
19:01:12.0085 4140  MBR partitions:
19:01:12.0085 4140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
19:01:12.0085 4140  \Device\Harddisk1\DR1:
19:01:12.0085 4140  MBR partitions:
19:01:12.0085 4140  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
19:01:12.0085 4140  ============================================================
19:01:12.0101 4140  C: <-> \Device\Harddisk1\DR1\Partition1
19:01:12.0117 4140  D: <-> \Device\Harddisk0\DR0\Partition1
19:01:12.0132 4140  F: <-> \Device\Harddisk2\DR2\Partition1
19:01:12.0132 4140  ============================================================
19:01:12.0132 4140  Initialize success
19:01:12.0132 4140  ============================================================
19:01:18.0653 2216  ============================================================
19:01:18.0653 2216  Scan started
19:01:18.0653 2216  Mode: Manual; SigCheck; TDLFS; 
19:01:18.0653 2216  ============================================================
19:01:19.0464 2216  ================ Scan system memory ========================
19:01:19.0464 2216  System memory - ok
19:01:19.0464 2216  ================ Scan services =============================
19:01:19.0589 2216  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:01:19.0729 2216  1394ohci - ok
19:01:19.0761 2216  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:01:19.0776 2216  ACPI - ok
19:01:19.0792 2216  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:01:19.0870 2216  AcpiPmi - ok
19:01:19.0979 2216  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:01:19.0995 2216  AdobeARMservice - ok
19:01:20.0229 2216  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:01:20.0244 2216  AdobeFlashPlayerUpdateSvc - ok
19:01:20.0322 2216  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:01:20.0385 2216  adp94xx - ok
19:01:20.0416 2216  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:01:20.0431 2216  adpahci - ok
19:01:20.0431 2216  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:01:20.0447 2216  adpu320 - ok
19:01:20.0478 2216  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:01:20.0603 2216  AeLookupSvc - ok
19:01:20.0634 2216  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
19:01:20.0697 2216  AFD - ok
19:01:20.0728 2216  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:01:20.0728 2216  agp440 - ok
19:01:20.0743 2216  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:01:20.0775 2216  ALG - ok
19:01:20.0790 2216  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:01:20.0790 2216  aliide - ok
19:01:20.0837 2216  [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:01:20.0931 2216  AMD External Events Utility - ok
19:01:21.0040 2216  AMD FUEL Service - ok
19:01:21.0055 2216  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:01:21.0071 2216  amdide - ok
19:01:21.0102 2216  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:01:21.0133 2216  AmdK8 - ok
19:01:21.0399 2216  [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:01:21.0617 2216  amdkmdag - ok
19:01:21.0664 2216  [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:01:21.0711 2216  amdkmdap - ok
19:01:21.0726 2216  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:01:21.0773 2216  AmdPPM - ok
19:01:21.0804 2216  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
19:01:21.0820 2216  amdsata - ok
19:01:21.0820 2216  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:01:21.0835 2216  amdsbs - ok
19:01:21.0851 2216  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
19:01:21.0851 2216  amdxata - ok
19:01:21.0913 2216  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:01:21.0945 2216  AODDriver4.2 - ok
19:01:22.0007 2216  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
19:01:22.0101 2216  AppID - ok
19:01:22.0132 2216  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:01:22.0194 2216  AppIDSvc - ok
19:01:22.0194 2216  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
19:01:22.0241 2216  Appinfo - ok
19:01:22.0288 2216  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:01:22.0366 2216  AppMgmt - ok
19:01:22.0366 2216  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:01:22.0381 2216  arc - ok
19:01:22.0397 2216  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:01:22.0413 2216  arcsas - ok
19:01:22.0491 2216  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
19:01:22.0491 2216  AsIO - ok
19:01:22.0584 2216  [ E781164C7D47950E3D218C84B2901CB2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
19:01:22.0600 2216  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
19:01:22.0600 2216  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
19:01:22.0631 2216  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:01:22.0693 2216  AsyncMac - ok
19:01:22.0725 2216  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:01:22.0725 2216  atapi - ok
19:01:22.0787 2216  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:01:22.0803 2216  AtiHDAudioService - ok
19:01:23.0052 2216  [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:01:23.0208 2216  atikmdag - ok
19:01:23.0286 2216  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:01:23.0349 2216  AudioEndpointBuilder - ok
19:01:23.0364 2216  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:01:23.0411 2216  AudioSrv - ok
19:01:23.0442 2216  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:01:23.0520 2216  AxInstSV - ok
19:01:23.0583 2216  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:01:23.0645 2216  b06bdrv - ok
19:01:23.0692 2216  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:01:23.0739 2216  b57nd60a - ok
19:01:23.0770 2216  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:01:23.0817 2216  BDESVC - ok
19:01:23.0832 2216  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:01:23.0879 2216  Beep - ok
19:01:23.0926 2216  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
19:01:24.0004 2216  BFE - ok
19:01:24.0051 2216  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
19:01:24.0113 2216  BITS - ok
19:01:24.0160 2216  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:01:24.0191 2216  blbdrive - ok
19:01:24.0191 2216  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:01:24.0222 2216  bowser - ok
19:01:24.0238 2216  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:01:24.0253 2216  BrFiltLo - ok
19:01:24.0269 2216  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:01:24.0269 2216  BrFiltUp - ok
19:01:24.0316 2216  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
19:01:24.0378 2216  Browser - ok
19:01:24.0394 2216  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:01:24.0487 2216  Brserid - ok
19:01:24.0503 2216  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:01:24.0534 2216  BrSerWdm - ok
19:01:24.0534 2216  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:01:24.0550 2216  BrUsbMdm - ok
19:01:24.0565 2216  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:01:24.0565 2216  BrUsbSer - ok
19:01:24.0581 2216  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:01:24.0612 2216  BTHMODEM - ok
19:01:24.0643 2216  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:01:24.0706 2216  bthserv - ok
19:01:24.0721 2216  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:01:24.0753 2216  cdfs - ok
19:01:24.0784 2216  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:01:24.0799 2216  cdrom - ok
19:01:24.0846 2216  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:01:24.0909 2216  CertPropSvc - ok
19:01:24.0940 2216  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:01:24.0955 2216  circlass - ok
19:01:24.0987 2216  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:01:24.0987 2216  CLFS - ok
19:01:25.0065 2216  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:01:25.0080 2216  clr_optimization_v2.0.50727_32 - ok
19:01:25.0143 2216  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:01:25.0158 2216  clr_optimization_v2.0.50727_64 - ok
19:01:25.0236 2216  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:01:25.0252 2216  clr_optimization_v4.0.30319_32 - ok
19:01:25.0283 2216  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:01:25.0299 2216  clr_optimization_v4.0.30319_64 - ok
19:01:25.0314 2216  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:01:25.0345 2216  CmBatt - ok
19:01:25.0377 2216  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:01:25.0377 2216  cmdide - ok
19:01:25.0455 2216  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:01:25.0517 2216  CNG - ok
19:01:25.0579 2216  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:01:25.0611 2216  Compbatt - ok
19:01:25.0657 2216  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:01:25.0689 2216  CompositeBus - ok
19:01:25.0704 2216  COMSysApp - ok
19:01:25.0720 2216  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:01:25.0735 2216  crcdisk - ok
19:01:25.0798 2216  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:01:25.0860 2216  CryptSvc - ok
19:01:25.0907 2216  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
19:01:26.0001 2216  CSC - ok
19:01:26.0016 2216  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
19:01:26.0063 2216  CscService - ok
19:01:26.0141 2216  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:01:26.0203 2216  DcomLaunch - ok
19:01:26.0250 2216  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:01:26.0328 2216  defragsvc - ok
19:01:26.0344 2216  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:01:26.0375 2216  DfsC - ok
19:01:26.0422 2216  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:01:26.0453 2216  Dhcp - ok
19:01:26.0469 2216  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:01:26.0500 2216  discache - ok
19:01:26.0515 2216  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:01:26.0531 2216  Disk - ok
19:01:26.0562 2216  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:01:26.0609 2216  Dnscache - ok
19:01:26.0625 2216  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
19:01:26.0671 2216  dot3svc - ok
19:01:26.0671 2216  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
19:01:26.0718 2216  DPS - ok
19:01:26.0765 2216  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:01:26.0781 2216  drmkaud - ok
19:01:26.0890 2216  [ CDDF35F907EDAF1EAD13D38F9A2A2411 ] DvmMDES         C:\ASUS.SYS\config\DVMExportService.exe
19:01:26.0921 2216  DvmMDES ( UnsignedFile.Multi.Generic ) - warning
19:01:26.0921 2216  DvmMDES - detected UnsignedFile.Multi.Generic (1)
19:01:26.0952 2216  [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:01:27.0015 2216  DXGKrnl - ok
19:01:27.0046 2216  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:01:27.0077 2216  EapHost - ok
19:01:27.0171 2216  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:01:27.0249 2216  ebdrv - ok
19:01:27.0280 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
19:01:27.0311 2216  EFS - ok
19:01:27.0420 2216  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:01:27.0483 2216  ehRecvr - ok
19:01:27.0498 2216  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:01:27.0545 2216  ehSched - ok
19:01:27.0592 2216  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:01:27.0623 2216  elxstor - ok
19:01:27.0639 2216  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:01:27.0685 2216  ErrDev - ok
19:01:27.0732 2216  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:01:27.0779 2216  EventSystem - ok
19:01:27.0779 2216  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:01:27.0826 2216  exfat - ok
19:01:27.0841 2216  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:01:27.0888 2216  fastfat - ok
19:01:27.0935 2216  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
19:01:28.0013 2216  Fax - ok
19:01:28.0029 2216  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:01:28.0060 2216  fdc - ok
19:01:28.0075 2216  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:01:28.0153 2216  fdPHost - ok
19:01:28.0185 2216  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:01:28.0216 2216  FDResPub - ok
19:01:28.0216 2216  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:01:28.0231 2216  FileInfo - ok
19:01:28.0231 2216  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:01:28.0263 2216  Filetrace - ok
19:01:28.0278 2216  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:01:28.0278 2216  flpydisk - ok
19:01:28.0294 2216  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:01:28.0309 2216  FltMgr - ok
19:01:28.0341 2216  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
19:01:28.0403 2216  FontCache - ok
19:01:28.0465 2216  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:01:28.0465 2216  FontCache3.0.0.0 - ok
19:01:28.0559 2216  [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
19:01:28.0590 2216  ForceWare Intelligent Application Manager (IAM) - ok
19:01:28.0590 2216  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:01:28.0606 2216  FsDepends - ok
19:01:28.0621 2216  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:01:28.0621 2216  Fs_Rec - ok
19:01:28.0653 2216  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:01:28.0668 2216  fvevol - ok
19:01:28.0684 2216  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:01:28.0699 2216  gagp30kx - ok
19:01:28.0793 2216  Giraffic - ok
19:01:28.0840 2216  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
19:01:28.0887 2216  gpsvc - ok
19:01:28.0949 2216  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:01:28.0965 2216  gupdate - ok
19:01:28.0965 2216  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:01:28.0980 2216  gupdatem - ok
19:01:28.0996 2216  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:01:29.0058 2216  hcw85cir - ok
19:01:29.0105 2216  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:01:29.0152 2216  HdAudAddService - ok
19:01:29.0183 2216  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:01:29.0230 2216  HDAudBus - ok
19:01:29.0230 2216  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:01:29.0261 2216  HidBatt - ok
19:01:29.0277 2216  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:01:29.0308 2216  HidBth - ok
19:01:29.0308 2216  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:01:29.0339 2216  HidIr - ok
19:01:29.0355 2216  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:01:29.0417 2216  hidserv - ok
19:01:29.0433 2216  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:01:29.0448 2216  HidUsb - ok
19:01:29.0464 2216  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:01:29.0526 2216  hkmsvc - ok
19:01:29.0557 2216  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:01:29.0604 2216  HomeGroupListener - ok
19:01:29.0651 2216  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:01:29.0682 2216  HomeGroupProvider - ok
19:01:29.0698 2216  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:01:29.0713 2216  HpSAMD - ok
19:01:29.0760 2216  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:01:29.0807 2216  HTTP - ok
19:01:29.0823 2216  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:01:29.0823 2216  hwpolicy - ok
19:01:29.0885 2216  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:01:29.0901 2216  i8042prt - ok
19:01:29.0916 2216  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
19:01:29.0932 2216  iaStorV - ok
19:01:29.0994 2216  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:01:30.0025 2216  idsvc - ok
19:01:30.0025 2216  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:01:30.0041 2216  iirsp - ok
19:01:30.0088 2216  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:01:30.0166 2216  IKEEXT - ok
19:01:30.0181 2216  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:01:30.0181 2216  intelide - ok
19:01:30.0228 2216  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:01:30.0259 2216  intelppm - ok
19:01:30.0275 2216  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:01:30.0353 2216  IPBusEnum - ok
19:01:30.0353 2216  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:01:30.0384 2216  IpFilterDriver - ok
19:01:30.0431 2216  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:01:30.0493 2216  iphlpsvc - ok
19:01:30.0493 2216  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:01:30.0509 2216  IPMIDRV - ok
19:01:30.0540 2216  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:01:30.0587 2216  IPNAT - ok
19:01:30.0603 2216  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:01:30.0618 2216  IRENUM - ok
19:01:30.0649 2216  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:01:30.0649 2216  isapnp - ok
19:01:30.0665 2216  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:01:30.0681 2216  iScsiPrt - ok
19:01:30.0712 2216  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:01:30.0712 2216  kbdclass - ok
19:01:30.0727 2216  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:01:30.0743 2216  kbdhid - ok
19:01:30.0759 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
19:01:30.0774 2216  KeyIso - ok
19:01:30.0790 2216  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:01:30.0805 2216  KSecDD - ok
19:01:30.0805 2216  [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:01:30.0821 2216  KSecPkg - ok
19:01:30.0821 2216  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:01:30.0868 2216  ksthunk - ok
19:01:30.0915 2216  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:01:30.0993 2216  KtmRm - ok
19:01:31.0039 2216  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:01:31.0102 2216  LanmanServer - ok
19:01:31.0149 2216  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:01:31.0195 2216  LanmanWorkstation - ok
19:01:31.0211 2216  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:01:31.0258 2216  lltdio - ok
19:01:31.0273 2216  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:01:31.0351 2216  lltdsvc - ok
19:01:31.0398 2216  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:01:31.0445 2216  lmhosts - ok
19:01:31.0476 2216  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:01:31.0476 2216  LSI_FC - ok
19:01:31.0492 2216  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:01:31.0492 2216  LSI_SAS - ok
19:01:31.0507 2216  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:01:31.0507 2216  LSI_SAS2 - ok
19:01:31.0539 2216  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:01:31.0554 2216  LSI_SCSI - ok
19:01:31.0554 2216  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:01:31.0601 2216  luafv - ok
19:01:31.0648 2216  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
19:01:31.0663 2216  LVRS64 - ok
19:01:31.0773 2216  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
19:01:31.0882 2216  LVUVC64 - ok
19:01:31.0897 2216  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:01:31.0913 2216  Mcx2Svc - ok
19:01:31.0929 2216  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:01:31.0929 2216  megasas - ok
19:01:31.0944 2216  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:01:31.0960 2216  MegaSR - ok
19:01:31.0991 2216  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:01:32.0069 2216  MMCSS - ok
19:01:32.0085 2216  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:01:32.0163 2216  Modem - ok
19:01:32.0194 2216  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:01:32.0209 2216  monitor - ok
19:01:32.0225 2216  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:01:32.0241 2216  mouclass - ok
19:01:32.0272 2216  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:01:32.0287 2216  mouhid - ok
19:01:32.0287 2216  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:01:32.0303 2216  mountmgr - ok
19:01:32.0303 2216  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:01:32.0319 2216  mpio - ok
19:01:32.0319 2216  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:01:32.0350 2216  mpsdrv - ok
19:01:32.0397 2216  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:01:32.0490 2216  MpsSvc - ok
19:01:32.0521 2216  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:01:32.0553 2216  MRxDAV - ok
19:01:32.0553 2216  [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:01:32.0615 2216  mrxsmb - ok
19:01:32.0646 2216  [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:01:32.0677 2216  mrxsmb10 - ok
19:01:32.0693 2216  [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:01:32.0724 2216  mrxsmb20 - ok
19:01:32.0740 2216  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:01:32.0740 2216  msahci - ok
19:01:32.0755 2216  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:01:32.0755 2216  msdsm - ok
19:01:32.0787 2216  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:01:32.0818 2216  MSDTC - ok
19:01:32.0833 2216  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:01:32.0865 2216  Msfs - ok
19:01:32.0880 2216  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:01:32.0943 2216  mshidkmdf - ok
19:01:32.0974 2216  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:01:32.0974 2216  msisadrv - ok
19:01:33.0005 2216  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:01:33.0052 2216  MSiSCSI - ok
19:01:33.0067 2216  msiserver - ok
19:01:33.0099 2216  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:01:33.0177 2216  MSKSSRV - ok
19:01:33.0192 2216  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:01:33.0255 2216  MSPCLOCK - ok
19:01:33.0270 2216  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:01:33.0333 2216  MSPQM - ok
19:01:33.0364 2216  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:01:33.0379 2216  MsRPC - ok
19:01:33.0395 2216  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:01:33.0395 2216  mssmbios - ok
19:01:33.0411 2216  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:01:33.0457 2216  MSTEE - ok
19:01:33.0489 2216  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:01:33.0520 2216  MTConfig - ok
19:01:33.0582 2216  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:01:33.0582 2216  MTsensor - ok
19:01:33.0598 2216  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:01:33.0613 2216  Mup - ok
19:01:33.0660 2216  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
19:01:33.0707 2216  napagent - ok
19:01:33.0754 2216  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:01:33.0801 2216  NativeWifiP - ok
19:01:33.0832 2216  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:01:33.0863 2216  NDIS - ok
19:01:33.0894 2216  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:01:33.0925 2216  NdisCap - ok
19:01:33.0957 2216  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:01:34.0019 2216  NdisTapi - ok
19:01:34.0035 2216  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:01:34.0081 2216  Ndisuio - ok
19:01:34.0097 2216  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:01:34.0144 2216  NdisWan - ok
19:01:34.0159 2216  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:01:34.0191 2216  NDProxy - ok
19:01:34.0206 2216  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:01:34.0237 2216  NetBIOS - ok
19:01:34.0237 2216  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:01:34.0284 2216  NetBT - ok
19:01:34.0315 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
19:01:34.0315 2216  Netlogon - ok
19:01:34.0378 2216  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:01:34.0440 2216  Netman - ok
19:01:34.0471 2216  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:01:34.0534 2216  netprofm - ok
19:01:34.0565 2216  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:01:34.0581 2216  NetTcpPortSharing - ok
19:01:34.0612 2216  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:01:34.0627 2216  nfrd960 - ok
19:01:34.0659 2216  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:01:34.0721 2216  NlaSvc - ok
19:01:34.0737 2216  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:01:34.0768 2216  Npfs - ok
19:01:34.0783 2216  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:01:34.0830 2216  nsi - ok
19:01:34.0861 2216  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:01:34.0924 2216  nsiproxy - ok
19:01:34.0971 2216  [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
19:01:34.0986 2216  nSvcIp - ok
19:01:35.0049 2216  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:01:35.0095 2216  Ntfs - ok
19:01:35.0111 2216  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:01:35.0142 2216  Null - ok
19:01:35.0173 2216  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:01:35.0205 2216  NVENETFD - ok
19:01:35.0236 2216  [ 956A1F47826514C1EA0C295FE13C7377 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
19:01:35.0267 2216  NVNET - ok
19:01:35.0283 2216  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
19:01:35.0283 2216  nvraid - ok
19:01:35.0345 2216  [ AFDE3015BB8D76E26BEC3B287C5443A0 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
19:01:35.0345 2216  nvsmu - ok
19:01:35.0376 2216  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
19:01:35.0392 2216  nvstor - ok
19:01:35.0407 2216  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:01:35.0423 2216  nv_agp - ok
19:01:35.0439 2216  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:01:35.0439 2216  ohci1394 - ok
19:01:35.0485 2216  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:01:35.0517 2216  p2pimsvc - ok
19:01:35.0548 2216  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:01:35.0563 2216  p2psvc - ok
19:01:35.0579 2216  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:01:35.0595 2216  Parport - ok
19:01:35.0610 2216  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:01:35.0610 2216  partmgr - ok
19:01:35.0626 2216  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:01:35.0688 2216  PcaSvc - ok
19:01:35.0751 2216  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:01:35.0782 2216  pci - ok
19:01:35.0860 2216  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:01:35.0922 2216  pciide - ok
19:01:36.0000 2216  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:01:36.0016 2216  pcmcia - ok
19:01:36.0031 2216  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:01:36.0031 2216  pcw - ok
19:01:36.0063 2216  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:01:36.0109 2216  PEAUTH - ok
19:01:36.0172 2216  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:01:36.0265 2216  PeerDistSvc - ok
19:01:36.0343 2216  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:01:36.0375 2216  PerfHost - ok
19:01:36.0453 2216  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
19:01:36.0531 2216  pla - ok
19:01:36.0562 2216  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:01:36.0624 2216  PlugPlay - ok
19:01:36.0640 2216  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:01:36.0687 2216  PNRPAutoReg - ok
19:01:36.0702 2216  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:01:36.0733 2216  PNRPsvc - ok
19:01:36.0765 2216  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:01:36.0827 2216  PolicyAgent - ok
19:01:36.0843 2216  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:01:36.0905 2216  Power - ok
19:01:36.0936 2216  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:01:36.0999 2216  PptpMiniport - ok
19:01:37.0030 2216  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:01:37.0061 2216  Processor - ok
19:01:37.0092 2216  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
19:01:37.0170 2216  ProfSvc - ok
19:01:37.0201 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
19:01:37.0201 2216  ProtectedStorage - ok
19:01:37.0248 2216  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:01:37.0279 2216  Psched - ok
19:01:37.0311 2216  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:01:37.0357 2216  ql2300 - ok
19:01:37.0357 2216  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:01:37.0373 2216  ql40xx - ok
19:01:37.0404 2216  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:01:37.0420 2216  QWAVE - ok
19:01:37.0435 2216  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:01:37.0467 2216  QWAVEdrv - ok
19:01:37.0529 2216  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
19:01:37.0545 2216  RapiMgr - ok
19:01:37.0576 2216  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:01:37.0623 2216  RasAcd - ok
19:01:37.0669 2216  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:01:37.0701 2216  RasAgileVpn - ok
19:01:37.0716 2216  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:01:37.0779 2216  RasAuto - ok
19:01:37.0794 2216  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:01:37.0825 2216  Rasl2tp - ok
19:01:37.0857 2216  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
19:01:37.0903 2216  RasMan - ok
19:01:37.0903 2216  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:01:37.0950 2216  RasPppoe - ok
19:01:37.0966 2216  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:01:37.0997 2216  RasSstp - ok
19:01:38.0028 2216  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:01:38.0106 2216  rdbss - ok
19:01:38.0122 2216  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:01:38.0153 2216  rdpbus - ok
19:01:38.0184 2216  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:01:38.0215 2216  RDPCDD - ok
19:01:38.0247 2216  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:01:38.0309 2216  RDPDR - ok
19:01:38.0340 2216  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:01:38.0403 2216  RDPENCDD - ok
19:01:38.0434 2216  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:01:38.0465 2216  RDPREFMP - ok
19:01:38.0496 2216  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:01:38.0559 2216  RDPWD - ok
19:01:38.0574 2216  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:01:38.0590 2216  rdyboost - ok
19:01:38.0605 2216  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:01:38.0668 2216  RemoteAccess - ok
19:01:38.0715 2216  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:01:38.0793 2216  RemoteRegistry - ok
19:01:38.0824 2216  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:01:38.0871 2216  RpcEptMapper - ok
19:01:38.0902 2216  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:01:38.0933 2216  RpcLocator - ok
19:01:38.0964 2216  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
19:01:39.0027 2216  RpcSs - ok
19:01:39.0027 2216  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:01:39.0073 2216  rspndr - ok
19:01:39.0105 2216  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
19:01:39.0136 2216  s3cap - ok
19:01:39.0151 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
19:01:39.0167 2216  SamSs - ok
19:01:39.0183 2216  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:01:39.0198 2216  sbp2port - ok
19:01:39.0245 2216  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:01:39.0307 2216  SCardSvr - ok
19:01:39.0339 2216  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:01:39.0385 2216  scfilter - ok
19:01:39.0432 2216  [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule        C:\Windows\system32\schedsvc.dll
19:01:39.0495 2216  Schedule - ok
19:01:39.0526 2216  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:01:39.0573 2216  SCPolicySvc - ok
19:01:39.0588 2216  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:01:39.0651 2216  SDRSVC - ok
19:01:39.0682 2216  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:01:39.0744 2216  secdrv - ok
19:01:39.0760 2216  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
19:01:39.0822 2216  seclogon - ok
19:01:39.0869 2216  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:01:39.0931 2216  SENS - ok
19:01:39.0947 2216  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:01:40.0009 2216  SensrSvc - ok
19:01:40.0025 2216  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:01:40.0041 2216  Serenum - ok
19:01:40.0072 2216  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:01:40.0087 2216  Serial - ok
19:01:40.0119 2216  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:01:40.0150 2216  sermouse - ok
19:01:40.0181 2216  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
19:01:40.0259 2216  SessionEnv - ok
19:01:40.0306 2216  [ 02DED435FCAA1C02959051AF636E154A ] sesvc           C:\Program Files (x86)\ShadowExplorer\sesvc.exe
19:01:40.0321 2216  sesvc ( UnsignedFile.Multi.Generic ) - warning
19:01:40.0321 2216  sesvc - detected UnsignedFile.Multi.Generic (1)
19:01:40.0337 2216  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:01:40.0353 2216  sffdisk - ok
19:01:40.0368 2216  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:01:40.0384 2216  sffp_mmc - ok
19:01:40.0384 2216  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:01:40.0399 2216  sffp_sd - ok
19:01:40.0415 2216  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:01:40.0415 2216  sfloppy - ok
19:01:40.0446 2216  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:01:40.0477 2216  SharedAccess - ok
19:01:40.0524 2216  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:01:40.0571 2216  ShellHWDetection - ok
19:01:40.0571 2216  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:01:40.0587 2216  SiSRaid2 - ok
19:01:40.0602 2216  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:01:40.0618 2216  SiSRaid4 - ok
19:01:40.0649 2216  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:01:40.0711 2216  Smb - ok
19:01:40.0758 2216  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:01:40.0774 2216  SNMPTRAP - ok
19:01:40.0789 2216  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:01:40.0805 2216  spldr - ok
19:01:40.0821 2216  [ 89E8550C5862999FCF482EA562B0E98E ] Spooler         C:\Windows\System32\spoolsv.exe
19:01:40.0836 2216  Spooler - ok
19:01:40.0852 2216  sppsvc - ok
19:01:40.0852 2216  sppuinotify - ok
19:01:40.0883 2216  [ EC8F67289105BF270498095F14963464 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:01:40.0914 2216  srv - ok
19:01:40.0930 2216  [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:01:40.0977 2216  srv2 - ok
19:01:40.0992 2216  [ 26E84D3649019C3244622E654DFCD75B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:01:41.0070 2216  srvnet - ok
19:01:41.0133 2216  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:01:41.0179 2216  SSDPSRV - ok
19:01:41.0179 2216  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:01:41.0211 2216  SstpSvc - ok
19:01:41.0226 2216  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:01:41.0242 2216  stexstor - ok
19:01:41.0289 2216  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
19:01:41.0335 2216  stisvc - ok
19:01:41.0367 2216  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
19:01:41.0382 2216  storflt - ok
19:01:41.0413 2216  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
19:01:41.0413 2216  storvsc - ok
19:01:41.0445 2216  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:01:41.0445 2216  swenum - ok
19:01:41.0476 2216  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:01:41.0523 2216  swprv - ok
19:01:41.0569 2216  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
19:01:41.0647 2216  SysMain - ok
19:01:41.0663 2216  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:01:41.0694 2216  TabletInputService - ok
19:01:41.0725 2216  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:01:41.0772 2216  TapiSrv - ok
19:01:41.0788 2216  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:01:41.0835 2216  TBS - ok
19:01:41.0897 2216  [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:01:41.0944 2216  Tcpip - ok
19:01:41.0991 2216  [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:01:42.0022 2216  TCPIP6 - ok
19:01:42.0037 2216  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:01:42.0084 2216  tcpipreg - ok
19:01:42.0131 2216  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:01:42.0209 2216  TDPIPE - ok
19:01:42.0209 2216  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:01:42.0240 2216  TDTCP - ok
19:01:42.0256 2216  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:01:42.0287 2216  tdx - ok
19:01:42.0303 2216  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:01:42.0303 2216  TermDD - ok
19:01:42.0334 2216  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
19:01:42.0412 2216  TermService - ok
19:01:42.0427 2216  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:01:42.0459 2216  Themes - ok
19:01:42.0490 2216  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:01:42.0521 2216  THREADORDER - ok
19:01:42.0537 2216  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:01:42.0583 2216  TrkWks - ok
19:01:42.0646 2216  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:01:42.0677 2216  TrustedInstaller - ok
19:01:42.0677 2216  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:01:42.0724 2216  tssecsrv - ok
19:01:42.0755 2216  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:01:42.0817 2216  tunnel - ok
19:01:42.0849 2216  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:01:42.0864 2216  uagp35 - ok
19:01:42.0880 2216  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:01:42.0927 2216  udfs - ok
19:01:42.0942 2216  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:01:42.0958 2216  UI0Detect - ok
19:01:42.0973 2216  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:01:42.0989 2216  uliagpkx - ok
19:01:43.0020 2216  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:01:43.0051 2216  umbus - ok
19:01:43.0051 2216  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:01:43.0067 2216  UmPass - ok
19:01:43.0129 2216  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:01:43.0145 2216  UmRdpService - ok
19:01:43.0254 2216  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:01:43.0270 2216  UMVPFSrv - ok
19:01:43.0332 2216  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
19:01:43.0348 2216  UnlockerDriver5 - ok
19:01:43.0379 2216  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:01:43.0426 2216  upnphost - ok
19:01:43.0457 2216  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:01:43.0488 2216  usbaudio - ok
19:01:43.0504 2216  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:01:43.0504 2216  usbccgp - ok
19:01:43.0535 2216  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:01:43.0582 2216  usbcir - ok
19:01:43.0582 2216  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:01:43.0613 2216  usbehci - ok
19:01:43.0629 2216  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:01:43.0675 2216  usbhub - ok
19:01:43.0691 2216  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:01:43.0707 2216  usbohci - ok
19:01:43.0722 2216  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:01:43.0753 2216  usbprint - ok
19:01:43.0785 2216  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:01:43.0800 2216  USBSTOR - ok
19:01:43.0800 2216  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:01:43.0816 2216  usbuhci - ok
19:01:43.0847 2216  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:01:43.0894 2216  usbvideo - ok
19:01:43.0941 2216  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
19:01:43.0956 2216  usb_rndisx - ok
19:01:43.0987 2216  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:01:44.0019 2216  UxSms - ok
19:01:44.0034 2216  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
19:01:44.0050 2216  VaultSvc - ok
19:01:44.0065 2216  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:01:44.0065 2216  vdrvroot - ok
19:01:44.0097 2216  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
19:01:44.0143 2216  vds - ok
19:01:44.0159 2216  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:01:44.0159 2216  vga - ok
19:01:44.0175 2216  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:01:44.0221 2216  VgaSave - ok
19:01:44.0253 2216  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:01:44.0268 2216  vhdmp - ok
19:01:44.0284 2216  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:01:44.0299 2216  viaide - ok
19:01:44.0331 2216  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
19:01:44.0346 2216  vmbus - ok
19:01:44.0362 2216  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
19:01:44.0377 2216  VMBusHID - ok
19:01:44.0409 2216  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:01:44.0409 2216  volmgr - ok
19:01:44.0424 2216  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:01:44.0440 2216  volmgrx - ok
19:01:44.0455 2216  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:01:44.0471 2216  volsnap - ok
19:01:44.0487 2216  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:01:44.0502 2216  vsmraid - ok
19:01:44.0533 2216  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
19:01:44.0596 2216  VSS - ok
19:01:44.0611 2216  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:01:44.0643 2216  vwifibus - ok
19:01:44.0643 2216  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:01:44.0689 2216  W32Time - ok
19:01:44.0705 2216  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:01:44.0736 2216  WacomPen - ok
19:01:44.0752 2216  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:01:44.0799 2216  WANARP - ok
19:01:44.0814 2216  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:01:44.0845 2216  Wanarpv6 - ok
19:01:44.0908 2216  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
19:01:44.0970 2216  wbengine - ok
19:01:44.0986 2216  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:01:45.0001 2216  WbioSrvc - ok
19:01:45.0017 2216  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
19:01:45.0033 2216  WcesComm - ok
19:01:45.0048 2216  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:01:45.0064 2216  wcncsvc - ok
19:01:45.0079 2216  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:01:45.0095 2216  WcsPlugInService - ok
19:01:45.0111 2216  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:01:45.0126 2216  Wd - ok
19:01:45.0142 2216  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:01:45.0157 2216  Wdf01000 - ok
19:01:45.0173 2216  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:01:45.0204 2216  WdiServiceHost - ok
19:01:45.0220 2216  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:01:45.0235 2216  WdiSystemHost - ok
19:01:45.0251 2216  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
19:01:45.0298 2216  WebClient - ok
19:01:45.0329 2216  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:01:45.0391 2216  Wecsvc - ok
19:01:45.0407 2216  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:01:45.0469 2216  wercplsupport - ok
19:01:45.0501 2216  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:01:45.0532 2216  WerSvc - ok
19:01:45.0563 2216  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:01:45.0610 2216  WfpLwf - ok
19:01:45.0625 2216  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:01:45.0641 2216  WIMMount - ok
19:01:45.0657 2216  WinDefend - ok
19:01:45.0657 2216  WinHttpAutoProxySvc - ok
19:01:45.0719 2216  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:01:45.0766 2216  Winmgmt - ok
19:01:45.0844 2216  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:01:45.0922 2216  WinRM - ok
19:01:45.0984 2216  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:01:46.0031 2216  Wlansvc - ok
19:01:46.0031 2216  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:01:46.0047 2216  WmiAcpi - ok
19:01:46.0062 2216  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:01:46.0093 2216  wmiApSrv - ok
19:01:46.0109 2216  WMPNetworkSvc - ok
19:01:46.0125 2216  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:01:46.0140 2216  WPCSvc - ok
19:01:46.0171 2216  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:01:46.0203 2216  WPDBusEnum - ok
19:01:46.0234 2216  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:01:46.0296 2216  ws2ifsl - ok
19:01:46.0327 2216  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:01:46.0359 2216  wscsvc - ok
19:01:46.0359 2216  WSearch - ok
19:01:46.0452 2216  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:01:46.0515 2216  wuauserv - ok
19:01:46.0530 2216  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:01:46.0577 2216  WudfPf - ok
19:01:46.0608 2216  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:01:46.0639 2216  WUDFRd - ok
19:01:46.0655 2216  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:01:46.0717 2216  wudfsvc - ok
19:01:46.0717 2216  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:01:46.0764 2216  WwanSvc - ok
19:01:46.0780 2216  ================ Scan global ===============================
19:01:46.0811 2216  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:01:46.0842 2216  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
19:01:46.0842 2216  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
19:01:46.0889 2216  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:01:46.0936 2216  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:01:46.0951 2216  [Global] - ok
19:01:46.0951 2216  ================ Scan MBR ==================================
19:01:46.0967 2216  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:01:47.0435 2216  \Device\Harddisk2\DR2 - ok
19:01:47.0435 2216  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:01:47.0903 2216  \Device\Harddisk0\DR0 - ok
19:01:47.0919 2216  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
19:01:47.0981 2216  \Device\Harddisk1\DR1 - ok
19:01:47.0981 2216  ================ Scan VBR ==================================
19:01:47.0981 2216  [ 12D2D0A89AA46F10D96753AE80C204B4 ] \Device\Harddisk2\DR2\Partition1
19:01:47.0981 2216  \Device\Harddisk2\DR2\Partition1 - ok
19:01:47.0997 2216  [ 3DF450870E0115AD0A6342D492DFBAD1 ] \Device\Harddisk0\DR0\Partition1
19:01:47.0997 2216  \Device\Harddisk0\DR0\Partition1 - ok
19:01:48.0028 2216  [ AC8FF6778FFBA5BDE4E226360C2179C0 ] \Device\Harddisk1\DR1\Partition1
19:01:48.0028 2216  \Device\Harddisk1\DR1\Partition1 - ok
19:01:48.0028 2216  ============================================================
19:01:48.0028 2216  Scan finished
19:01:48.0028 2216  ============================================================
19:01:48.0043 4796  Detected object count: 3
19:01:48.0043 4796  Actual detected object count: 3
19:02:10.0585 4796  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
19:02:10.0585 4796  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:02:10.0585 4796  DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
19:02:10.0585 4796  DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:02:10.0585 4796  sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:02:10.0585 4796  sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:02:32.0628 4996  Deinitialize success

Mfg Onesirow0202

cosinus · 26.02.2013, 00:27

Dann bitte jetzt CF ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Onesirow0202 · 26.02.2013, 20:48

So hier ist das Log-File von Combofix.
Es ist alles ohne Mucken durchgelaufen.

Code:

ATTFilter

ComboFix 13-02-26.01 - ************ 26.02.2013  20:32:07.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2047.1187 [GMT 1:00]
ausgeführt von:: c:\users\************\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-26 bis 2013-02-26  ))))))))))))))))))))))))))))))
.
.
2013-02-25 11:20 . 2013-02-25 11:20	--------	d-----w-	c:\users\************\AppData\Roaming\Malwarebytes
2013-02-25 11:20 . 2013-02-25 11:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-24 20:37 . 2013-02-24 20:37	--------	d-----w-	c:\users\************\AppData\Local\Programs
2013-02-24 16:16 . 2013-02-24 16:34	--------	d-----w-	c:\users\************\Doctor Web
2013-02-24 15:50 . 2013-02-25 11:46	--------	d-----w-	c:\program files\Recuva
2013-02-24 15:45 . 2013-02-24 15:45	--------	d-----w-	c:\users\************\AppData\Roaming\www.shadowexplorer.com
2013-02-24 15:45 . 2013-02-24 15:45	--------	d-----w-	c:\program files (x86)\ShadowExplorer
2013-02-24 13:42 . 2013-02-24 13:42	--------	d-----w-	C:\$AVG
2013-02-24 13:42 . 2013-02-24 13:42	--------	d-----w-	c:\program files (x86)\AVG
2013-02-24 13:38 . 2013-02-24 15:18	--------	d-----w-	c:\programdata\MFAData
2013-02-24 13:38 . 2013-02-24 13:38	--------	d--h--w-	c:\programdata\Common Files
2013-02-24 13:38 . 2013-02-24 13:38	--------	d-----w-	c:\users\************\AppData\Local\MFAData
2013-02-24 13:38 . 2013-02-24 13:38	--------	d-----w-	c:\users\************\AppData\Local\Avg2013
2013-02-18 17:22 . 2013-02-18 17:22	--------	d-----w-	c:\program files (x86)\OpenTTD
2013-02-11 23:20 . 2013-02-11 23:20	--------	d-----w-	c:\users\************\AppData\Roaming\FlashGet
2013-02-11 23:20 . 2013-02-11 23:20	--------	d-----w-	c:\program files (x86)\FlashGet
2013-02-09 11:19 . 2011-05-30 13:42	240640	----a-w-	c:\windows\SysWow64\xvidvfw.dll
2013-02-09 11:19 . 2011-05-30 13:42	255488	----a-w-	c:\windows\system32\xvidvfw.dll
2013-02-09 11:19 . 2011-05-23 09:52	153088	----a-w-	c:\windows\SysWow64\xvid.ax
2013-02-09 11:19 . 2011-05-23 07:49	173568	----a-w-	c:\windows\system32\xvid.ax
2013-02-09 11:19 . 2011-05-23 07:46	645632	----a-w-	c:\windows\SysWow64\xvidcore.dll
2013-02-09 11:19 . 2011-05-23 07:45	696832	----a-w-	c:\windows\system32\xvidcore.dll
2013-02-09 11:19 . 2013-02-09 11:20	--------	d-----w-	c:\program files (x86)\Xvid
2013-02-09 11:18 . 2013-02-25 11:50	--------	d-----w-	c:\program files (x86)\Windows Codec Pack
2013-02-06 20:21 . 2013-02-06 20:21	--------	d-----w-	c:\users\************\AppData\Local\Logitech® Webcam-Software
2013-02-06 20:19 . 2013-02-06 20:19	--------	d-----w-	c:\users\************\AppData\Local\LogiShrd
2013-02-06 20:10 . 2013-02-06 20:10	53248	----a-r-	c:\users\Moritz Weidner\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-06 20:10 . 2013-02-06 20:10	--------	d-----w-	c:\users\************\AppData\Roaming\Leadertech
2013-02-06 20:09 . 2013-02-06 20:10	--------	d-----w-	c:\program files\Common Files\Logishrd
2013-02-06 20:09 . 2013-02-06 20:09	--------	d-----w-	c:\programdata\Logitech
2013-02-06 20:09 . 2013-02-06 20:09	--------	d-----w-	c:\program files (x86)\Common Files\LWS
2013-02-06 20:09 . 2013-02-06 20:11	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2013-02-06 20:08 . 2013-02-06 20:10	--------	d-----w-	c:\program files (x86)\Logitech
2013-02-06 20:08 . 2013-02-06 20:08	--------	d-----w-	c:\programdata\LogiShrd
2013-02-06 20:01 . 2013-02-06 20:01	--------	d-----w-	c:\users\************\AppData\Roaming\ooVoo Details
2013-02-06 20:01 . 2013-02-06 20:01	--------	d-----w-	c:\program files (x86)\ooVoo
2013-02-06 18:08 . 2013-02-06 18:08	--------	d-----w-	c:\program files\WinRAR
2013-02-06 17:17 . 2013-02-06 17:19	--------	d-----w-	c:\windows\WindowsMobile
2013-02-06 17:15 . 2013-02-06 17:15	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2013-02-03 19:51 . 2013-02-03 20:01	--------	d-----w-	c:\users\************\AppData\Local\Microsoft Games
2013-02-03 14:45 . 2013-02-03 14:45	715038	----a-w-	c:\windows\unins000.exe
2013-02-02 11:21 . 2013-02-12 14:20	--------	d-----w-	c:\users\************\AppData\Local\Spotify
2013-02-02 11:21 . 2013-02-26 19:26	--------	d-----w-	c:\users\************\AppData\Roaming\Spotify
2013-02-01 19:43 . 2013-02-01 19:43	--------	d-----w-	c:\users\************\AppData\Local\PutLockerDownloader
2013-02-01 19:43 . 2013-02-01 19:43	--------	d-----w-	c:\programdata\Tarma Installer
2013-02-01 14:10 . 2013-01-12 02:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-28 20:38 . 2013-01-28 20:38	--------	d-----w-	c:\users\************\AppData\Local\CRE
2013-01-28 20:37 . 2013-02-26 19:38	--------	d-----w-	c:\program files (x86)\Giraffic
2013-01-28 20:37 . 2013-02-24 15:18	--------	d-----w-	c:\programdata\Giraffic
2013-01-28 20:37 . 2013-01-28 20:37	--------	d-----w-	c:\program files (x86)\Veoh Networks
2013-01-28 14:44 . 2013-01-28 14:44	--------	d-----w-	c:\users\************\AppData\Roaming\OpenOffice.org
2013-01-28 14:42 . 2013-01-28 14:42	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 15:24 . 2013-01-17 16:19	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D651BB-5693-4B98-8EC7-82E8249DBCF9}\offreg.dll
2013-02-07 20:51 . 2013-01-14 15:49	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 20:51 . 2013-01-14 15:49	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 15:45 . 2013-01-14 15:45	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-14 15:45 . 2013-01-14 15:45	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-11 4692840]
"Spotify"="c:\users\************\AppData\Roaming\Spotify\Spotify.exe" [2013-02-02 7880664]
"Spotify Web Helper"="c:\users\************\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-02 1199576]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-02-06 28469312]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\Q-Button\QButton.exe" [2009-06-02 1968640]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Flashget"="c:\program files (x86)\FlashGet\FlashGet.exe" [2007-09-25 2007088]
.
c:\users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-06-05 315392]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2013-01-02 9216]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 01:07	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 20:51]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 15:46]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 15:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-AutoLoader - c:\users\MORITZ~1\AppData\Local\Temp\Traymonitor.exe
AddRemove-1ClickDownload - c:\program files (x86)\SockshareDownloader.com\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\SecuROM\License information*]
"datasecu"=hex:05,6b,bc,6a,57,3a,23,99,ab,47,2b,33,2c,06,74,f3,ee,ac,f0,a0,8a,
   a8,5f,45,5d,64,af,92,01,95,9f,5e,33,ac,7c,c5,68,02,c0,84,8b,5f,cb,ad,3e,4a,\
"rkeysecu"=hex:f7,2f,2b,be,27,72,29,ab,e4,ee,d9,6c,68,48,5f,67
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\AMD AVT\bin\kdbsync.exe
c:\windows\SysWOW64\WerFault.exe
c:\users\************\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
c:\users\************\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-26  20:41:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-26 19:41
.
Vor Suchlauf: 7 Verzeichnis(se), 457.855.836.160 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 458.052.374.528 Bytes frei
.
- - End Of File - - 69A479FC09EA61C6308C13DF35F2ADD3

Ich wollte mich für Eure Hilfe mal bedanken.

Mfg Onesirow0202

24.02.2013, 22:31	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	12 KB Verschlüsselungstrojaner Und was soll ich da jetzt machen? Ich kann deine Daten auch nicht mehr herzaubern Entschlüsseln kannste vergessen, da geht nicht und es gibt auch kein Tools dafür. Jetzt helfen nur noch Schattenkopien (wenn aktiv) oder ein Backup was früher gemacht wurde __________________ Logfiles bitte immer in CODE-Tags posten

24.02.2013, 22:45	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	12 KB Verschlüsselungstrojaner Was hast du denn jetzt vor? Willst du das System putzen oder plätten und komplett neu installieren? __________________ --> 12 KB Verschlüsselungstrojaner

12 KB Verschlüsselungstrojaner

Log-Analyse und Auswertung: 12 KB Verschlüsselungstrojaner