Trojaner-Board

It got me too - AKM Virus (https://www.trojaner-board.de/114811-mich-hats-erwischt-akm-virus.html)

cosinus 13.05.2012 16:17

Please create a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


tankie 13.05.2012 21:30

Here you go:

OTL Logfile:
Code:

OTL logfile created on: 13.05.2012 22:22:08 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,99% Memory free
15,95 Gb Paging File | 14,36 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 67,47 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 61,86 Gb Free Space | 6,64% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 146,48 Gb Total Space | 10,35 Gb Free Space | 7,07% Space Free | Partition Type: NTFS
Drive L: | 132,98 Gb Total Space | 21,28 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive M: | 55,90 Gb Total Space | 53,04 Gb Free Space | 94,88% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.05.05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.05.05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.09 21:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 21:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 20:55:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012.05.10 20:55:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.10 20:50:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:49:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 20:49:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 20:49:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 20:49:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 20:49:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 20:49:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 20:49:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.25 18:22:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.01 21:07:13 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.28 17:57:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2012.01.12 19:25:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.02 11:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.11.03 18:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.10.21 18:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.30 18:49:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.28 21:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.08 19:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 19:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.08.18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA A7 08 12 F6 02 CD 01  [binary data]
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\anybots.com/Anystream: C:\Users\Admin\AppData\Roaming\Anybots\Anystream\npAnystream.dll (Anybots)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.26 13:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.01 14:44:00 | 000,000,000 | ---D | M]
 
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.04.25 22:28:48 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\THUNDERBIRD\PROFILES\Z7L0CR22.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2012.05.09 02:36:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C31483AC-D743-48D1-BE36-4734930422D2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: ASUS ShellProcess Execute - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VX5LWxsct4OYCCz - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {19460C54-2912-9819-DD13-028CAD6588C5} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {420435CF-6E35-8C59-0B6A-1374D44868C3} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.13 22:20:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.05.11 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.11 16:04:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.06 00:01:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.02 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\chili
[2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.25 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\CAPCOM
[2012.04.22 17:08:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.13 22:20:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.05.13 21:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 14:35:33 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 14:32:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.13 14:32:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.13 14:32:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.13 14:32:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.13 14:32:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.13 14:29:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.05.13 14:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.13 14:28:12 | 2129,190,911 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.13 00:08:25 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.13 00:08:25 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.05.10 20:47:11 | 000,283,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.03 21:11:10 | 000,062,558 | ---- | M] () -- C:\Users\Admin\Desktop\Foto.JPG
[2012.04.30 23:02:00 | 000,000,080 | ---- | M] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini
[2012.04.30 21:57:50 | 000,018,831 | ---- | M] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf
[2012.04.30 21:41:54 | 000,718,503 | ---- | M] () -- C:\Users\Admin\Desktop\Memo.m4a
[2012.04.28 19:55:58 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012.04.25 18:22:17 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.04.25 18:22:17 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.04.25 18:22:17 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.04.15 23:23:35 | 000,012,711 | ---- | M] () -- C:\Users\Admin\Documents\algenkur.ods
 
========== Files Created - No Company Name ==========
 
[2012.05.03 21:11:08 | 000,062,558 | ---- | C] () -- C:\Users\Admin\Desktop\Foto.JPG
[2012.04.30 22:32:41 | 000,000,080 | ---- | C] () -- C:\Users\Admin\AppData\Local\CrystalDiskMark30.ini
[2012.04.30 21:57:50 | 000,018,831 | ---- | C] () -- C:\Users\Admin\Desktop\Benchmark_RAMDisk.pdf
[2012.04.30 21:41:54 | 000,718,503 | ---- | C] () -- C:\Users\Admin\Desktop\Memo.m4a
[2012.04.30 21:32:19 | 006,074,924 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0009.WAV
[2012.04.30 21:27:26 | 012,554,412 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0019.WAV
[2012.04.30 21:18:54 | 035,419,436 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0026.WAV
[2012.04.30 21:16:04 | 020,299,756 | ---- | C] () -- C:\Users\Admin\Desktop\SONG0028.WAV
[2012.04.28 19:55:58 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\The Walking Dead.lnk
[2012.04.25 18:47:39 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:24:15 | 000,061,256 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:24:15 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.04.25 18:22:17 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012.04.25 18:22:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.25 18:22:17 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012.04.25 18:22:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.25 18:22:17 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012.04.15 23:23:35 | 000,012,711 | ---- | C] () -- C:\Users\Admin\Documents\algenkur.ods
[2012.02.18 12:06:44 | 000,007,604 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.01 14:41:59 | 000,183,121 | ---- | C] () -- C:\Windows\hpoins38.dat
[2012.02.01 14:41:59 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2012.01.29 00:15:48 | 001,001,680 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.01.28 23:50:04 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.01.28 23:47:49 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.28 18:09:04 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.01.26 12:56:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.26 12:56:40 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots
[2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE
[2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy
[2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App
[2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian
[2012.02.06 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 12:28:56 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\LSoft Technologies
[2012.02.01 23:44:40 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Opera
[2012.05.05 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Trillian
[2012.02.01 23:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kirby\AppData\Roaming\Opera
[2012.01.29 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Opera
[2012.01.29 15:10:44 | 000,000,000 | ---D | M] -- C:\Users\Tank\AppData\Roaming\Thunderbird
[2012.02.01 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Opera
[2012.03.25 13:05:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.04 14:43:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.02.24 19:12:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anybots
[2012.02.07 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.01.30 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.05.08 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2012.03.23 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2012.03.13 12:17:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP
[2012.01.26 12:55:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2012.01.26 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2012.01.26 13:32:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Intel Corporation
[2012.03.05 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LOVE
[2012.01.26 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.03.20 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.04.25 18:45:30 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.03.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MotioninJoy
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.03.17 14:17:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2012.02.25 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OnLive App
[2012.02.01 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012.01.26 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.02.04 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Phrosh
[2012.05.13 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2012.01.26 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.02.01 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Trillian
[2012.05.13 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2012.01.28 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2003.01.04 18:21:22 | 000,643,072 | ---- | M] () -- C:\JoyToKey.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

cosinus 14.05.2012 10:05

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKU\S-1-5-21-319583329-2873186953-3674044672-1000 Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell - "" = AutoRun
O33 - MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\Shell\AutoRun\command - "" = N:\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
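
The following is an added example, not part of the original post and not OTL's or the helper's own logic: a small Python triage over lines in the format of the fix script above, flagging a Winlogon UserInit entry outside C:\Windows\system32, policy values that weaken UAC, and MountPoints2 AutoRun commands. The rule set, the function name `triage` and the sample lines are assumptions of this example.

```python
import ntpath
import re

# %SystemRoot% as reported in the OTL header on this page (C:\Windows).
SYSTEM32 = ntpath.normcase(r"C:\Windows\system32") + "\\"

# Policy values that weaken UAC when set as shown (documented Windows semantics).
UAC_WEAK = {
    "EnableLUA": "0",                   # UAC switched off
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate without a prompt
    "PromptOnSecureDesktop": "0",       # prompt no longer shown on the secure desktop
}

# "O20 - ..." / "O9:64bit: - ..." / "IE - ..." : section tag, optional 64bit marker, body.
LINE_RE = re.compile(r'^(?P<sec>O\d+|IE)(?P<x64>:64bit:)?\s+-\s+(?P<body>.+)$')
POLICY_RE = re.compile(r'^(?P<key>.+): (?P<name>\w+) = (?P<val>\S+)$')
USERINIT_RE = re.compile(r'Winlogon: UserInit - \((?P<path>[^)]*)\)(?P<rest>.*)$')
AUTORUN_RE = re.compile(
    r'^MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)

# Constructed sample in the shape of the script above. The second O20 line
# (a UserInit entry inside system32) is made up to show a non-finding.
SAMPLE = r'''
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20 - HKLM Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\itunes_service86.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
:Commands
[emptytemp]
'''


def triage(text):
    """Return a list of (finding, subject, detail) tuples for OTL-style lines."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # directives such as :OTL, [purity], and blank lines
        sec, body = m["sec"], m["body"]

        if sec == "O6":
            # Policy line: "<key>: <value name> = <data>"
            p = POLICY_RE.match(body)
            if p and UAC_WEAK.get(p["name"]) == p["val"]:
                findings.append(("uac-weakened", p["name"], p["val"]))

        elif sec == "O20":
            # Winlogon UserInit should only launch binaries from system32.
            u = USERINIT_RE.search(body)
            if u:
                path = ntpath.normcase(ntpath.normpath(u["path"]))
                if not path.startswith(SYSTEM32):
                    state = "missing" if "File not found" in u["rest"] else "present"
                    findings.append(("userinit-outside-system32", u["path"], state))

        elif sec == "O33":
            # Cached AutoRun command for a previously mounted volume.
            a = AUTORUN_RE.match(body)
            if a:
                findings.append(
                    ("mountpoint-autorun", a["guid"], ntpath.normpath(a["cmd"]))
                )
    return findings


if __name__ == "__main__":
    for finding, subject, detail in triage(SAMPLE):
        print(f"{finding:28} {subject}  [{detail}]")
```

A "missing" UserInit target means the registry entry still points at a file that is no longer on disk, so the entry itself is what remains to be cleaned up.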

tankie 14.05.2012 11:48

Done. Task Manager is still disabled by the administrator.
Edit: Task Manager could be re-enabled via Group Policy :)


Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-319583329-2873186953-3674044672-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Admin\AppData\Roaming\itunes_service86.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d6ecd42-4811-11e1-a3b5-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9b3748-480b-11e1-ad33-806e6f6e6963}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3cc0126-4b4d-11e1-adf7-0026832dc406}\ not found.
File N:\setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 1070386823 bytes
->Temporary Internet Files folder emptied: 167097404 bytes
->Java cache emptied: 72851 bytes
->Opera cache emptied: 3166088 bytes
->Flash cache emptied: 32004 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kathrin
->Temp folder emptied: 536786 bytes
->Temporary Internet Files folder emptied: 181471044 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5419 bytes
 
User: Kirby
->Temp folder emptied: 85550 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 6839480 bytes
 
User: Public
 
User: Tank
->Temp folder emptied: 26190103 bytes
->Temporary Internet Files folder emptied: 1901202 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 11950098 bytes
->Flash cache emptied: 1019 bytes
 
User: Tobi
->Temp folder emptied: 85550 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 8807680 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 845202566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 14044216569 bytes
 
Total Files Cleaned = 15.610,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kathrin
->Flash cache emptied: 0 bytes
 
User: Kirby
 
User: Public
 
User: Tank
->Flash cache emptied: 0 bytes
 
User: Tobi
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_124227

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 14.05.2012 12:39

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

tankie 14.05.2012 13:03

Done!
These seem to me to be printer and sound card drivers.


Code:

13:59:35.0889 4352        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
13:59:35.0964 4352        ============================================================
13:59:35.0964 4352        Current date / time: 2012/05/14 13:59:35.0964
13:59:35.0964 4352        SystemInfo:
13:59:35.0964 4352       
13:59:35.0964 4352        OS Version: 6.1.7601 ServicePack: 1.0
13:59:35.0964 4352        Product type: Workstation
13:59:35.0964 4352        ComputerName: ADMIN-PC
13:59:35.0964 4352        UserName: Admin
13:59:35.0964 4352        Windows directory: C:\Windows
13:59:35.0964 4352        System windows directory: C:\Windows
13:59:35.0964 4352        Running under WOW64
13:59:35.0964 4352        Processor architecture: Intel x64
13:59:35.0964 4352        Number of processors: 4
13:59:35.0964 4352        Page size: 0x1000
13:59:35.0964 4352        Boot type: Normal boot
13:59:35.0964 4352        ============================================================
13:59:36.0114 4352        Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0114 4352        Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0129 4352        Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
13:59:36.0564 4352        Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:36.0577 4352        ============================================================
13:59:36.0577 4352        \Device\Harddisk0\DR0:
13:59:36.0577 4352        MBR partitions:
13:59:36.0577 4352        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
13:59:36.0577 4352        \Device\Harddisk1\DR1:
13:59:36.0577 4352        MBR partitions:
13:59:36.0577 4352        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
13:59:36.0577 4352        \Device\Harddisk2\DR2:
13:59:36.0577 4352        MBR partitions:
13:59:36.0577 4352        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F8021
13:59:36.0589 4352        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x124F809F, BlocksNum 0x109F34C1
13:59:36.0589 4352        \Device\Harddisk3\DR3:
13:59:36.0589 4352        MBR partitions:
13:59:36.0589 4352        \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:59:36.0589 4352        ============================================================
13:59:36.0589 4352        C: <-> \Device\Harddisk1\DR1\Partition0
13:59:36.0637 4352        D: <-> \Device\Harddisk3\DR3\Partition0
13:59:36.0672 4352        H: <-> \Device\Harddisk2\DR2\Partition0
13:59:36.0707 4352        L: <-> \Device\Harddisk2\DR2\Partition1
13:59:36.0709 4352        M: <-> \Device\Harddisk0\DR0\Partition0
13:59:36.0709 4352        ============================================================
13:59:36.0709 4352        Initialize success
13:59:36.0709 4352        ============================================================
14:01:43.0680 4944        ============================================================
14:01:43.0680 4944        Scan started
14:01:43.0680 4944        Mode: Manual; SigCheck; TDLFS;
14:01:43.0680 4944        ============================================================
14:01:43.0790 4944        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:01:43.0836 4944        1394ohci - ok
14:01:43.0852 4944        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:01:43.0852 4944        ACPI - ok
14:01:43.0852 4944        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:01:43.0868 4944        AcpiPmi - ok
14:01:43.0868 4944        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:01:43.0883 4944        AdobeARMservice - ok
14:01:43.0899 4944        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:01:43.0899 4944        AdobeFlashPlayerUpdateSvc - ok
14:01:43.0914 4944        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:01:43.0930 4944        adp94xx - ok
14:01:43.0946 4944        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:01:43.0946 4944        adpahci - ok
14:01:43.0961 4944        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:01:43.0961 4944        adpu320 - ok
14:01:43.0961 4944        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:01:43.0992 4944        AeLookupSvc - ok
14:01:44.0008 4944        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:01:44.0008 4944        AFD - ok
14:01:44.0024 4944        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:01:44.0024 4944        agp440 - ok
14:01:44.0024 4944        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:01:44.0039 4944        ALG - ok
14:01:44.0039 4944        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:01:44.0039 4944        aliide - ok
14:01:44.0055 4944        ALSysIO - ok
14:01:44.0055 4944        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:01:44.0055 4944        amdide - ok
14:01:44.0055 4944        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:01:44.0070 4944        AmdK8 - ok
14:01:44.0070 4944        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:01:44.0070 4944        AmdPPM - ok
14:01:44.0086 4944        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:01:44.0086 4944        amdsata - ok
14:01:44.0102 4944        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:01:44.0102 4944        amdsbs - ok
14:01:44.0102 4944        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:01:44.0117 4944        amdxata - ok
14:01:44.0117 4944        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:01:44.0133 4944        AppID - ok
14:01:44.0133 4944        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:01:44.0148 4944        AppIDSvc - ok
14:01:44.0164 4944        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:01:44.0180 4944        Appinfo - ok
14:01:44.0180 4944        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:01:44.0195 4944        AppMgmt - ok
14:01:44.0195 4944        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:01:44.0211 4944        arc - ok
14:01:44.0211 4944        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:01:44.0211 4944        arcsas - ok
14:01:44.0242 4944        asComSvc        (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
14:01:44.0273 4944        asComSvc - ok
14:01:44.0289 4944        asHmComSvc      (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
14:01:44.0304 4944        asHmComSvc - ok
14:01:44.0320 4944        AsIO            (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
14:01:44.0320 4944        AsIO - ok
14:01:44.0351 4944        asmthub3        (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
14:01:44.0367 4944        asmthub3 - ok
14:01:44.0367 4944        asmtxhci        (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:01:44.0382 4944        asmtxhci - ok
14:01:44.0398 4944        AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
14:01:44.0398 4944        AsSysCtrlService - ok
14:01:44.0414 4944        AsUpIO          (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
14:01:44.0414 4944        AsUpIO - ok
14:01:44.0445 4944        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:44.0460 4944        AsyncMac - ok
14:01:44.0460 4944        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:01:44.0476 4944        atapi - ok
14:01:44.0476 4944        AthBTPort      (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
14:01:44.0476 4944        AthBTPort - ok
14:01:44.0476 4944        ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
14:01:44.0492 4944        ATHDFU - ok
14:01:44.0492 4944        AtherosSvc      (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:01:44.0492 4944        AtherosSvc - ok
14:01:44.0507 4944        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:44.0538 4944        AudioEndpointBuilder - ok
14:01:44.0538 4944        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:01:44.0554 4944        AudioSrv - ok
14:01:44.0570 4944        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:01:44.0570 4944        AxInstSV - ok
14:01:44.0585 4944        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:01:44.0601 4944        b06bdrv - ok
14:01:44.0616 4944        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:01:44.0616 4944        b57nd60a - ok
14:01:44.0632 4944        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:01:44.0632 4944        BDESVC - ok
14:01:44.0632 4944        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:01:44.0648 4944        Beep - ok
14:01:44.0679 4944        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:01:44.0694 4944        BFE - ok
14:01:44.0726 4944        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:01:44.0757 4944        BITS - ok
14:01:44.0757 4944        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:01:44.0757 4944        blbdrive - ok
14:01:44.0772 4944        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:01:44.0772 4944        bowser - ok
14:01:44.0772 4944        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:01:44.0788 4944        BrFiltLo - ok
14:01:44.0788 4944        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:01:44.0788 4944        BrFiltUp - ok
14:01:44.0804 4944        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:01:44.0819 4944        Browser - ok
14:01:44.0835 4944        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:01:44.0835 4944        Brserid - ok
14:01:44.0835 4944        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:44.0850 4944        BrSerWdm - ok
14:01:44.0850 4944        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:44.0866 4944        BrUsbMdm - ok
14:01:44.0866 4944        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:44.0866 4944        BrUsbSer - ok
14:01:44.0882 4944        BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
14:01:44.0882 4944        BTATH_A2DP - ok
14:01:44.0882 4944        BTATH_BUS      (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
14:01:44.0882 4944        BTATH_BUS - ok
14:01:44.0897 4944        BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:01:44.0897 4944        BTATH_HCRP - ok
14:01:44.0897 4944        BTATH_LWFLT    (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:01:44.0913 4944        BTATH_LWFLT - ok
14:01:44.0913 4944        BTATH_RCP      (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:01:44.0913 4944        BTATH_RCP - ok
14:01:44.0928 4944        BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
14:01:44.0928 4944        BtFilter - ok
14:01:44.0944 4944        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
14:01:44.0944 4944        BthEnum - ok
14:01:44.0944 4944        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:01:44.0960 4944        BTHMODEM - ok
14:01:44.0960 4944        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:01:44.0975 4944        BthPan - ok
14:01:44.0991 4944        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:01:44.0991 4944        BTHPORT - ok
14:01:45.0006 4944        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:01:45.0022 4944        bthserv - ok
14:01:45.0022 4944        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:01:45.0022 4944        BTHUSB - ok
14:01:45.0038 4944        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:01:45.0053 4944        cdfs - ok
14:01:45.0053 4944        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:01:45.0069 4944        cdrom - ok
14:01:45.0069 4944        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:45.0100 4944        CertPropSvc - ok
14:01:45.0100 4944        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:01:45.0100 4944        circlass - ok
14:01:45.0116 4944        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:01:45.0131 4944        CLFS - ok
14:01:45.0131 4944        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:45.0131 4944        clr_optimization_v2.0.50727_32 - ok
14:01:45.0147 4944        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:01:45.0147 4944        clr_optimization_v2.0.50727_64 - ok
14:01:45.0162 4944        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:45.0162 4944        clr_optimization_v4.0.30319_32 - ok
14:01:45.0162 4944        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:01:45.0178 4944        clr_optimization_v4.0.30319_64 - ok
14:01:45.0178 4944        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:01:45.0178 4944        CmBatt - ok
14:01:45.0194 4944        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:01:45.0194 4944        cmdide - ok
14:01:45.0209 4944        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:01:45.0225 4944        CNG - ok
14:01:45.0225 4944        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:01:45.0225 4944        Compbatt - ok
14:01:45.0225 4944        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:01:45.0240 4944        CompositeBus - ok
14:01:45.0240 4944        COMSysApp - ok
14:01:45.0240 4944        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:01:45.0240 4944        crcdisk - ok
14:01:45.0256 4944        Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:01:45.0256 4944        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0256 4944        Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:45.0256 4944        Creative Dolby Digital Live Pack Licensing Service (80f3d3a4c202cda7ca886d126f9a39d9) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
14:01:45.0256 4944        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0256 4944        Creative Dolby Digital Live Pack Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:45.0272 4944        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:01:45.0287 4944        CryptSvc - ok
14:01:45.0303 4944        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:01:45.0318 4944        CSC - ok
14:01:45.0334 4944        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:01:45.0350 4944        CscService - ok
14:01:45.0350 4944        CT20XUT        (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
14:01:45.0350 4944        CT20XUT - ok
14:01:45.0350 4944        CT20XUT.SYS    (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
14:01:45.0365 4944        CT20XUT.SYS - ok
14:01:45.0381 4944        ctac32k        (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
14:01:45.0381 4944        ctac32k - ok
14:01:45.0396 4944        ctaud2k        (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
14:01:45.0412 4944        ctaud2k - ok
14:01:45.0428 4944        CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:01:45.0428 4944        CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
14:01:45.0428 4944        CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
14:01:45.0459 4944        CTEXFIFX        (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
14:01:45.0474 4944        CTEXFIFX - ok
14:01:45.0521 4944        CTEXFIFX.SYS    (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
14:01:45.0537 4944        CTEXFIFX.SYS - ok
14:01:45.0568 4944        CTHWIUT        (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
14:01:45.0568 4944        CTHWIUT - ok
14:01:45.0568 4944        CTHWIUT.SYS    (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
14:01:45.0568 4944        CTHWIUT.SYS - ok
14:01:45.0584 4944        ctprxy2k        (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
14:01:45.0584 4944        ctprxy2k - ok
14:01:45.0584 4944        ctsfm2k        (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
14:01:45.0599 4944        ctsfm2k - ok
14:01:45.0615 4944        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:45.0630 4944        DcomLaunch - ok
14:01:45.0646 4944        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:01:45.0662 4944        defragsvc - ok
14:01:45.0677 4944        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:01:45.0693 4944        DfsC - ok
14:01:45.0708 4944        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:01:45.0724 4944        Dhcp - ok
14:01:45.0724 4944        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:01:45.0755 4944        discache - ok
14:01:45.0755 4944        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:01:45.0755 4944        Disk - ok
14:01:45.0771 4944        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:01:45.0771 4944        dmvsc - ok
14:01:45.0771 4944        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:01:45.0786 4944        Dnscache - ok
14:01:45.0786 4944        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:01:45.0818 4944        dot3svc - ok
14:01:45.0818 4944        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:01:45.0833 4944        Dot4 - ok
14:01:45.0833 4944        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:01:45.0833 4944        Dot4Print - ok
14:01:45.0833 4944        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:01:45.0849 4944        dot4usb - ok
14:01:45.0864 4944        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:01:45.0880 4944        DPS - ok
14:01:45.0880 4944        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:01:45.0880 4944        drmkaud - ok
14:01:45.0896 4944        dtsoftbus01    (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:01:45.0896 4944        dtsoftbus01 - ok
14:01:45.0927 4944        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:01:45.0942 4944        DXGKrnl - ok
14:01:45.0942 4944        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:01:45.0974 4944        EapHost - ok
14:01:46.0036 4944        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:01:46.0067 4944        ebdrv - ok
14:01:46.0098 4944        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:01:46.0098 4944        EFS - ok
14:01:46.0130 4944        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:01:46.0145 4944        ehRecvr - ok
14:01:46.0145 4944        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:01:46.0145 4944        ehSched - ok
14:01:46.0176 4944        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:01:46.0176 4944        elxstor - ok
14:01:46.0192 4944        emupia          (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
14:01:46.0192 4944        emupia - ok
14:01:46.0192 4944        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:01:46.0192 4944        ErrDev - ok
14:01:46.0208 4944        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:01:46.0239 4944        EventSystem - ok
14:01:46.0254 4944        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:01:46.0270 4944        exfat - ok
14:01:46.0286 4944        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:01:46.0301 4944        fastfat - ok
14:01:46.0317 4944        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:01:46.0332 4944        Fax - ok
14:01:46.0332 4944        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:01:46.0348 4944        fdc - ok
14:01:46.0348 4944        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:01:46.0364 4944        fdPHost - ok
14:01:46.0364 4944        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:01:46.0379 4944        FDResPub - ok
14:01:46.0395 4944        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:01:46.0395 4944        FileInfo - ok
14:01:46.0395 4944        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:01:46.0410 4944        Filetrace - ok
14:01:46.0426 4944        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:01:46.0426 4944        flpydisk - ok
14:01:46.0442 4944        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:01:46.0442 4944        FltMgr - ok
14:01:46.0473 4944        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:01:46.0488 4944        FontCache - ok
14:01:46.0488 4944        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:46.0504 4944        FontCache3.0.0.0 - ok
14:01:46.0504 4944        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:01:46.0504 4944        FsDepends - ok
14:01:46.0520 4944        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:01:46.0520 4944        Fs_Rec - ok
14:01:46.0520 4944        Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
14:01:46.0535 4944        Futuremark SystemInfo Service - ok
14:01:46.0535 4944        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:01:46.0551 4944        fvevol - ok
14:01:46.0551 4944        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:01:46.0551 4944        gagp30kx - ok
14:01:46.0582 4944        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:01:46.0598 4944        gpsvc - ok
14:01:46.0644 4944        ha20x2k        (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
14:01:46.0660 4944        ha20x2k - ok
14:01:46.0676 4944        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:01:46.0691 4944        hcw85cir - ok
14:01:46.0691 4944        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:01:46.0707 4944        HdAudAddService - ok
14:01:46.0722 4944        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:01:46.0722 4944        HDAudBus - ok
14:01:46.0722 4944        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:01:46.0738 4944        HidBatt - ok
14:01:46.0738 4944        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:01:46.0754 4944        HidBth - ok
14:01:46.0754 4944        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:01:46.0754 4944        HidIr - ok
14:01:46.0769 4944        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:01:46.0785 4944        hidserv - ok
14:01:46.0785 4944        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:01:46.0800 4944        HidUsb - ok
14:01:46.0800 4944        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:01:46.0816 4944        hkmsvc - ok
14:01:46.0832 4944        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:01:46.0832 4944        HomeGroupListener - ok
14:01:46.0847 4944        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:01:46.0847 4944        HomeGroupProvider - ok
14:01:46.0863 4944        hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:01:47.0315 4944        hpqcxs08 - ok
14:01:47.0315 4944        hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:01:47.0331 4944        hpqddsvc - ok
14:01:47.0331 4944        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:01:47.0346 4944        HpSAMD - ok
14:01:47.0362 4944        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:01:47.0393 4944        HTTP - ok
14:01:47.0393 4944        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:01:47.0393 4944        hwpolicy - ok
14:01:47.0393 4944        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:01:47.0409 4944        i8042prt - ok
14:01:47.0424 4944        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
14:01:47.0424 4944        iaStor - ok
14:01:47.0424 4944        IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:01:47.0440 4944        IAStorDataMgrSvc - ok
14:01:47.0440 4944        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:01:47.0456 4944        iaStorV - ok
14:01:47.0456 4944        ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
14:01:47.0456 4944        ICCWDT - ok
14:01:47.0487 4944        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:01:47.0502 4944        idsvc - ok
14:01:47.0502 4944        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:01:47.0502 4944        iirsp - ok
14:01:47.0534 4944        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:01:47.0549 4944        IKEEXT - ok
14:01:47.0612 4944        IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
14:01:47.0643 4944        IntcAzAudAddService - ok
14:01:47.0658 4944        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:01:47.0674 4944        intelide - ok
14:01:47.0674 4944        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:01:47.0690 4944        intelppm - ok
14:01:47.0690 4944        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:01:47.0705 4944        IPBusEnum - ok
14:01:47.0705 4944        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:47.0736 4944        IpFilterDriver - ok
14:01:47.0752 4944        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:01:47.0768 4944        iphlpsvc - ok
14:01:47.0768 4944        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:01:47.0783 4944        IPMIDRV - ok
14:01:47.0783 4944        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:01:47.0814 4944        IPNAT - ok
14:01:47.0814 4944        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:01:47.0814 4944        IRENUM - ok
14:01:47.0814 4944        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:01:47.0830 4944        isapnp - ok
14:01:47.0830 4944        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:01:47.0846 4944        iScsiPrt - ok
14:01:47.0846 4944        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:47.0861 4944        kbdclass - ok
14:01:47.0861 4944        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:47.0861 4944        kbdhid - ok
14:01:47.0861 4944        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:47.0877 4944        KeyIso - ok
14:01:47.0877 4944        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:01:47.0877 4944        KSecDD - ok
14:01:47.0892 4944        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:47.0892 4944        KSecPkg - ok
14:01:47.0892 4944        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:47.0908 4944        ksthunk - ok
14:01:47.0924 4944        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:01:47.0955 4944        KtmRm - ok
14:01:47.0955 4944        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:01:47.0970 4944        LanmanServer - ok
14:01:47.0986 4944        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:01:48.0002 4944        LanmanWorkstation - ok
14:01:48.0017 4944        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:48.0033 4944        lltdio - ok
14:01:48.0048 4944        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:01:48.0064 4944        lltdsvc - ok
14:01:48.0064 4944        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:01:48.0080 4944        lmhosts - ok
14:01:48.0095 4944        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:01:48.0095 4944        LSI_FC - ok
14:01:48.0111 4944        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:01:48.0111 4944        LSI_SAS - ok
14:01:48.0111 4944        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:01:48.0126 4944        LSI_SAS2 - ok
14:01:48.0126 4944        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:01:48.0142 4944        LSI_SCSI - ok
14:01:48.0142 4944        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:48.0158 4944        luafv - ok
14:01:48.0158 4944        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:01:48.0173 4944        MBAMProtector - ok
14:01:48.0189 4944        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:48.0189 4944        MBAMService - ok
14:01:48.0204 4944        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:01:48.0204 4944        Mcx2Svc - ok
14:01:48.0204 4944        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:01:48.0220 4944        megasas - ok
14:01:48.0220 4944        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:01:48.0236 4944        MegaSR - ok
14:01:48.0236 4944        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:01:48.0236 4944        MEIx64 - ok
14:01:48.0251 4944        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:48.0267 4944        MMCSS - ok
14:01:48.0267 4944        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:48.0282 4944        Modem - ok
14:01:48.0282 4944        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:48.0298 4944        monitor - ok
14:01:48.0298 4944        MotioninJoyXFilter (65ed1932bcfe5003389d65f6c3ef51c8) C:\Windows\system32\DRIVERS\MijXfilt.sys
14:01:48.0314 4944        MotioninJoyXFilter - ok
14:01:48.0314 4944        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:01:48.0314 4944        mouclass - ok
14:01:48.0314 4944        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:48.0329 4944        mouhid - ok
14:01:48.0329 4944        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:01:48.0329 4944        mountmgr - ok
14:01:48.0345 4944        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:01:48.0345 4944        mpio - ok
14:01:48.0345 4944        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:48.0376 4944        mpsdrv - ok
14:01:48.0407 4944        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:01:48.0423 4944        MpsSvc - ok
14:01:48.0438 4944        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:01:48.0438 4944        MRxDAV - ok
14:01:48.0454 4944        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:48.0454 4944        mrxsmb - ok
14:01:48.0470 4944        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:48.0470 4944        mrxsmb10 - ok
14:01:48.0470 4944        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:48.0485 4944        mrxsmb20 - ok
14:01:48.0485 4944        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:01:48.0485 4944        msahci - ok
14:01:48.0501 4944        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:01:48.0501 4944        msdsm - ok
14:01:48.0516 4944        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:01:48.0516 4944        MSDTC - ok
14:01:48.0516 4944        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:48.0548 4944        Msfs - ok
14:01:48.0548 4944        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:48.0563 4944        mshidkmdf - ok
14:01:48.0563 4944        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:01:48.0579 4944        msisadrv - ok
14:01:48.0579 4944        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:01:48.0594 4944        MSiSCSI - ok
14:01:48.0594 4944        msiserver - ok
14:01:48.0594 4944        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:48.0626 4944        MSKSSRV - ok
14:01:48.0626 4944        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:48.0641 4944        MSPCLOCK - ok
14:01:48.0641 4944        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:48.0657 4944        MSPQM - ok
14:01:48.0672 4944        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:01:48.0688 4944        MsRPC - ok
14:01:48.0688 4944        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:01:48.0688 4944        mssmbios - ok
14:01:48.0688 4944        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:48.0704 4944        MSTEE - ok
14:01:48.0719 4944        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:01:48.0719 4944        MTConfig - ok
14:01:48.0719 4944        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:48.0735 4944        Mup - ok
14:01:48.0735 4944        mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
14:01:48.0750 4944        mv91xx - ok
14:01:48.0766 4944        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:01:48.0782 4944        napagent - ok
14:01:48.0797 4944        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:48.0813 4944        NativeWifiP - ok
14:01:48.0844 4944        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:01:48.0860 4944        NDIS - ok
14:01:48.0860 4944        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:48.0891 4944        NdisCap - ok
14:01:48.0891 4944        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:48.0906 4944        NdisTapi - ok
14:01:48.0906 4944        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:48.0938 4944        Ndisuio - ok
14:01:48.0938 4944        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:48.0953 4944        NdisWan - ok
14:01:48.0969 4944        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:01:48.0984 4944        NDProxy - ok
14:01:48.0984 4944        Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:01:48.0984 4944        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:01:48.0984 4944        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:01:48.0984 4944        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:49.0016 4944        NetBIOS - ok
14:01:49.0031 4944        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:01:49.0047 4944        NetBT - ok
14:01:49.0047 4944        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:49.0047 4944        Netlogon - ok
14:01:49.0078 4944        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:01:49.0094 4944        Netman - ok
14:01:49.0109 4944        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:01:49.0140 4944        netprofm - ok
14:01:49.0140 4944        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:49.0156 4944        NetTcpPortSharing - ok
14:01:49.0156 4944        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:01:49.0156 4944        nfrd960 - ok
14:01:49.0172 4944        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:01:49.0187 4944        NlaSvc - ok
14:01:49.0203 4944        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:49.0218 4944        Npfs - ok
14:01:49.0218 4944        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:01:49.0234 4944        nsi - ok
14:01:49.0234 4944        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:49.0265 4944        nsiproxy - ok
14:01:49.0296 4944        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:01:49.0328 4944        Ntfs - ok
14:01:49.0343 4944        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:49.0359 4944        Null - ok
14:01:49.0374 4944        NVHDA          (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
14:01:49.0374 4944        NVHDA - ok
14:01:49.0671 4944        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:49.0796 4944        nvlddmkm - ok
14:01:49.0811 4944        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:01:49.0827 4944        nvraid - ok
14:01:49.0827 4944        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:01:49.0842 4944        nvstor - ok
14:01:49.0858 4944        nvsvc          (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
14:01:49.0874 4944        nvsvc - ok
14:01:49.0936 4944        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:01:49.0952 4944        nvUpdatusService - ok
14:01:49.0983 4944        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:01:49.0998 4944        nv_agp - ok
14:01:49.0998 4944        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:01:49.0998 4944        ohci1394 - ok
14:01:50.0014 4944        ossrv          (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
14:01:50.0014 4944        ossrv - ok
14:01:50.0030 4944        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:50.0045 4944        p2pimsvc - ok
14:01:50.0061 4944        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:01:50.0061 4944        p2psvc - ok
14:01:50.0076 4944        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:01:50.0076 4944        Parport - ok
14:01:50.0092 4944        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:01:50.0092 4944        partmgr - ok
14:01:50.0092 4944        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:01:50.0108 4944        PcaSvc - ok
14:01:50.0123 4944        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:01:50.0123 4944        pci - ok
14:01:50.0123 4944        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:01:50.0139 4944        pciide - ok
14:01:50.0139 4944        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:01:50.0154 4944        pcmcia - ok
14:01:50.0154 4944        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:50.0154 4944        pcw - ok
14:01:50.0170 4944        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:50.0201 4944        PEAUTH - ok
14:01:50.0232 4944        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:01:50.0248 4944        PeerDistSvc - ok
14:01:50.0279 4944        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:01:50.0279 4944        PerfHost - ok
14:01:50.0342 4944        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:01:50.0373 4944        pla - ok
14:01:50.0388 4944        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:01:50.0404 4944        PlugPlay - ok
14:01:50.0404 4944        Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
14:01:50.0404 4944        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:01:50.0404 4944        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:01:50.0404 4944        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:01:50.0420 4944        PNRPAutoReg - ok
14:01:50.0435 4944        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:50.0435 4944        PNRPsvc - ok
14:01:50.0451 4944        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:01:50.0466 4944        PolicyAgent - ok
14:01:50.0482 4944        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:01:50.0498 4944        Power - ok
14:01:50.0513 4944        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:50.0529 4944        PptpMiniport - ok
14:01:50.0544 4944        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:01:50.0544 4944        Processor - ok
14:01:50.0560 4944        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:01:50.0576 4944        ProfSvc - ok
14:01:50.0576 4944        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:50.0576 4944        ProtectedStorage - ok
14:01:50.0591 4944        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:01:50.0607 4944        Psched - ok
14:01:50.0654 4944        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:01:50.0669 4944        ql2300 - ok
14:01:50.0700 4944        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:01:50.0700 4944        ql40xx - ok
14:01:50.0716 4944        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:01:50.0716 4944        QWAVE - ok
14:01:50.0732 4944        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:50.0732 4944        QWAVEdrv - ok
14:01:50.0732 4944        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:50.0747 4944        RasAcd - ok
14:01:50.0763 4944        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:50.0778 4944        RasAgileVpn - ok
14:01:50.0778 4944        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:01:50.0810 4944        RasAuto - ok
14:01:50.0810 4944        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:50.0825 4944        Rasl2tp - ok
14:01:50.0841 4944        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:01:50.0856 4944        RasMan - ok
14:01:50.0872 4944        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:50.0888 4944        RasPppoe - ok
14:01:50.0888 4944        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:50.0919 4944        RasSstp - ok
14:01:50.0919 4944        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:50.0950 4944        rdbss - ok
14:01:50.0950 4944        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:50.0950 4944        rdpbus - ok
14:01:50.0966 4944        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:50.0981 4944        RDPCDD - ok
14:01:50.0981 4944        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:01:50.0997 4944        RDPDR - ok
14:01:50.0997 4944        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:51.0012 4944        RDPENCDD - ok
14:01:51.0012 4944        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:51.0044 4944        RDPREFMP - ok
14:01:51.0044 4944        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:01:51.0044 4944        RDPWD - ok
14:01:51.0059 4944        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:01:51.0059 4944        rdyboost - ok
14:01:51.0075 4944        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:01:51.0090 4944        RemoteAccess - ok
14:01:51.0090 4944        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:01:51.0122 4944        RemoteRegistry - ok
14:01:51.0122 4944        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:01:51.0137 4944        RFCOMM - ok
14:01:51.0137 4944        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:01:51.0153 4944        RpcEptMapper - ok
14:01:51.0168 4944        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:01:51.0168 4944        RpcLocator - ok
14:01:51.0184 4944        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:01:51.0215 4944        RpcSs - ok
14:01:51.0215 4944        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:51.0231 4944        rspndr - ok
14:01:51.0246 4944        RTL8167        (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:01:51.0262 4944        RTL8167 - ok
14:01:51.0262 4944        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:01:51.0262 4944        s3cap - ok
14:01:51.0262 4944        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:51.0278 4944        SamSs - ok
14:01:51.0278 4944        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:01:51.0293 4944        sbp2port - ok
14:01:51.0293 4944        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:01:51.0324 4944        SCardSvr - ok
14:01:51.0324 4944        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:01:51.0340 4944        scfilter - ok
14:01:51.0371 4944        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:01:51.0402 4944        Schedule - ok
14:01:51.0402 4944        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:01:51.0434 4944        SCPolicySvc - ok
14:01:51.0434 4944        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:01:51.0449 4944        SDRSVC - ok
14:01:51.0449 4944        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:01:51.0465 4944        secdrv - ok
14:01:51.0480 4944        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:01:51.0496 4944        seclogon - ok
14:01:51.0496 4944        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:01:51.0512 4944        SENS - ok
14:01:51.0512 4944        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:01:51.0527 4944        SensrSvc - ok
14:01:51.0527 4944        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:01:51.0527 4944        Serenum - ok
14:01:51.0543 4944        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:01:51.0543 4944        Serial - ok
14:01:51.0543 4944        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:01:51.0558 4944        sermouse - ok
14:01:51.0558 4944        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:01:51.0590 4944        SessionEnv - ok
14:01:51.0590 4944        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:01:51.0590 4944        sffdisk - ok
14:01:51.0590 4944        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:51.0605 4944        sffp_mmc - ok
14:01:51.0605 4944        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:01:51.0621 4944        sffp_sd - ok
14:01:51.0621 4944        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:01:51.0621 4944        sfloppy - ok
14:01:51.0636 4944        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:01:51.0652 4944        SharedAccess - ok
14:01:51.0668 4944        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:01:51.0699 4944        ShellHWDetection - ok
14:01:51.0699 4944        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:01:51.0699 4944        SiSRaid2 - ok
14:01:51.0699 4944        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:01:51.0714 4944        SiSRaid4 - ok
14:01:51.0714 4944        SkypeUpdate    (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:01:51.0714 4944        SkypeUpdate - ok
14:01:51.0730 4944        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:01:51.0746 4944        Smb - ok
14:01:51.0746 4944        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:01:51.0761 4944        SNMPTRAP - ok
14:01:51.0761 4944        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:01:51.0761 4944        spldr - ok
14:01:51.0777 4944        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:01:51.0808 4944        Spooler - ok
14:01:51.0917 4944        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:01:51.0964 4944        sppsvc - ok
14:01:51.0995 4944        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:01:52.0011 4944        sppuinotify - ok
14:01:52.0026 4944        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:01:52.0042 4944        srv - ok
14:01:52.0042 4944        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:01:52.0073 4944        srv2 - ok
14:01:52.0089 4944        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:52.0089 4944        srvnet - ok
14:01:52.0104 4944        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:01:52.0120 4944        SSDPSRV - ok
14:01:52.0136 4944        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:01:52.0151 4944        SstpSvc - ok
14:01:52.0151 4944        Steam Client Service - ok
14:01:52.0167 4944        Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:01:52.0167 4944        Stereo Service - ok
14:01:52.0182 4944        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:01:52.0182 4944        stexstor - ok
14:01:52.0198 4944        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:01:52.0214 4944        stisvc - ok
14:01:52.0214 4944        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:01:52.0214 4944        storflt - ok
14:01:52.0229 4944        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:01:52.0229 4944        StorSvc - ok
14:01:52.0229 4944        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:01:52.0245 4944        storvsc - ok
14:01:52.0245 4944        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:01:52.0245 4944        swenum - ok
14:01:52.0260 4944        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:01:52.0276 4944        swprv - ok
14:01:52.0338 4944        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:01:52.0354 4944        SysMain - ok
14:01:52.0385 4944        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:01:52.0401 4944        TabletInputService - ok
14:01:52.0401 4944        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:01:52.0432 4944        TapiSrv - ok
14:01:52.0432 4944        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:01:52.0448 4944        TBS - ok
14:01:52.0510 4944        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:01:52.0526 4944        Tcpip - ok
14:01:52.0588 4944        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:52.0619 4944        TCPIP6 - ok
14:01:52.0635 4944        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:01:52.0666 4944        tcpipreg - ok
14:01:52.0666 4944        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:01:52.0666 4944        TDPIPE - ok
14:01:52.0666 4944        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:01:52.0682 4944        TDTCP - ok
14:01:52.0682 4944        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:01:52.0697 4944        tdx - ok
14:01:52.0697 4944        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:01:52.0713 4944        TermDD - ok
14:01:52.0728 4944        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:01:52.0760 4944        TermService - ok
14:01:52.0760 4944        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:01:52.0760 4944        Themes - ok
14:01:52.0775 4944        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:52.0791 4944        THREADORDER - ok
14:01:52.0791 4944        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:01:52.0822 4944        TrkWks - ok
14:01:52.0822 4944        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:01:52.0838 4944        TrustedInstaller - ok
14:01:52.0853 4944        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:52.0869 4944        tssecsrv - ok
14:01:52.0869 4944        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:01:52.0884 4944        TsUsbFlt - ok
14:01:52.0884 4944        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:01:52.0884 4944        TsUsbGD - ok
14:01:52.0900 4944        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:52.0916 4944        tunnel - ok
14:01:52.0916 4944        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:01:52.0916 4944        uagp35 - ok
14:01:52.0931 4944        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:01:52.0947 4944        udfs - ok
14:01:52.0962 4944        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:01:52.0962 4944        UI0Detect - ok
14:01:52.0962 4944        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:01:52.0978 4944        uliagpkx - ok
14:01:52.0978 4944        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:01:52.0978 4944        umbus - ok
14:01:52.0994 4944        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:01:52.0994 4944        UmPass - ok
14:01:52.0994 4944        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:01:53.0009 4944        UmRdpService - ok
14:01:53.0025 4944        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:01:53.0040 4944        upnphost - ok
14:01:53.0056 4944        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:53.0056 4944        usbccgp - ok
14:01:53.0056 4944        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:01:53.0072 4944        usbcir - ok
14:01:53.0072 4944        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:01:53.0072 4944        usbehci - ok
14:01:53.0087 4944        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:53.0103 4944        usbhub - ok
14:01:53.0103 4944        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:01:53.0103 4944        usbohci - ok
14:01:53.0103 4944        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:53.0118 4944        usbprint - ok
14:01:53.0118 4944        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:01:53.0118 4944        usbscan - ok
14:01:53.0134 4944        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:53.0134 4944        USBSTOR - ok
14:01:53.0134 4944        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:01:53.0150 4944        usbuhci - ok
14:01:53.0150 4944        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:01:53.0165 4944        UxSms - ok
14:01:53.0165 4944        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:01:53.0181 4944        VaultSvc - ok
14:01:53.0181 4944        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:01:53.0181 4944        vdrvroot - ok
14:01:53.0196 4944        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:01:53.0228 4944        vds - ok
14:01:53.0228 4944        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:53.0228 4944        vga - ok
14:01:53.0228 4944        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:01:53.0259 4944        VgaSave - ok
14:01:53.0259 4944        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:01:53.0274 4944        vhdmp - ok
14:01:53.0274 4944        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:01:53.0274 4944        viaide - ok
14:01:53.0274 4944        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:01:53.0290 4944        vmbus - ok
14:01:53.0290 4944        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:01:53.0290 4944        VMBusHID - ok
14:01:53.0306 4944        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:01:53.0306 4944        volmgr - ok
14:01:53.0321 4944        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:01:53.0321 4944        volmgrx - ok
14:01:53.0337 4944        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:01:53.0337 4944        volsnap - ok
14:01:53.0352 4944        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:01:53.0352 4944        vsmraid - ok
14:01:53.0399 4944        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:01:53.0430 4944        VSS - ok
14:01:53.0462 4944        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:01:53.0462 4944        vwifibus - ok
14:01:53.0477 4944        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:01:53.0508 4944        W32Time - ok
14:01:53.0508 4944        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:01:53.0508 4944        WacomPen - ok
14:01:53.0524 4944        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0540 4944        WANARP - ok
14:01:53.0540 4944        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0555 4944        Wanarpv6 - ok
14:01:53.0586 4944        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:01:53.0618 4944        WatAdminSvc - ok
14:01:53.0649 4944        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:01:53.0664 4944        wbengine - ok
14:01:53.0696 4944        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:01:53.0711 4944        WbioSrvc - ok
14:01:53.0727 4944        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:01:53.0742 4944        wcncsvc - ok
14:01:53.0742 4944        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:01:53.0742 4944        WcsPlugInService - ok
14:01:53.0758 4944        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:01:53.0758 4944        Wd - ok
14:01:53.0774 4944        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:01:53.0789 4944        Wdf01000 - ok
14:01:53.0789 4944        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:53.0805 4944        WdiServiceHost - ok
14:01:53.0805 4944        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:01:53.0820 4944        WdiSystemHost - ok
14:01:53.0820 4944        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:01:53.0836 4944        WebClient - ok
14:01:53.0852 4944        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:01:53.0867 4944        Wecsvc - ok
14:01:53.0867 4944        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:01:53.0898 4944        wercplsupport - ok
14:01:53.0898 4944        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:01:53.0914 4944        WerSvc - ok
14:01:53.0930 4944        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:53.0945 4944        WfpLwf - ok
14:01:53.0945 4944        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:01:53.0945 4944        WIMMount - ok
14:01:53.0961 4944        WinDefend - ok
14:01:53.0961 4944        WinHttpAutoProxySvc - ok
14:01:53.0976 4944        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:01:53.0992 4944        Winmgmt - ok
14:01:54.0039 4944        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:01:54.0086 4944        WinRM - ok
14:01:54.0101 4944        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:54.0117 4944        WinUsb - ok
14:01:54.0148 4944        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:01:54.0164 4944        Wlansvc - ok
14:01:54.0210 4944        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:01:54.0242 4944        wlidsvc - ok
14:01:54.0257 4944        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:01:54.0273 4944        WmiAcpi - ok
14:01:54.0288 4944        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:01:54.0288 4944        wmiApSrv - ok
14:01:54.0288 4944        WMPNetworkSvc - ok
14:01:54.0288 4944        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:01:54.0304 4944        WPCSvc - ok
14:01:54.0304 4944        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:01:54.0320 4944        WPDBusEnum - ok
14:01:54.0320 4944        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:54.0335 4944        ws2ifsl - ok
14:01:54.0351 4944        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:01:54.0351 4944        wscsvc - ok
14:01:54.0351 4944        WSearch - ok
14:01:54.0429 4944        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:01:54.0460 4944        wuauserv - ok
14:01:54.0491 4944        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:01:54.0507 4944        WudfPf - ok
14:01:54.0522 4944        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:54.0538 4944        WUDFRd - ok
14:01:54.0538 4944        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:01:54.0569 4944        wudfsvc - ok
14:01:54.0569 4944        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:01:54.0585 4944        WwanSvc - ok
14:01:54.0585 4944        xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
14:01:54.0600 4944        xusb21 - ok
14:01:54.0600 4944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:01:54.0616 4944        \Device\Harddisk0\DR0 - ok
14:01:54.0616 4944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:01:54.0632 4944        \Device\Harddisk1\DR1 - ok
14:01:54.0632 4944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:01:54.0881 4944        \Device\Harddisk2\DR2 - ok
14:01:54.0897 4944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
14:01:55.0380 4944        \Device\Harddisk3\DR3 - ok
14:01:55.0380 4944        Boot (0x1200)  (f3f598491f1db825652a0aa1a16ba5b7) \Device\Harddisk0\DR0\Partition0
14:01:55.0380 4944        \Device\Harddisk0\DR0\Partition0 - ok
14:01:55.0380 4944        Boot (0x1200)  (59f511f0ca707a106080b204be1c1be5) \Device\Harddisk1\DR1\Partition0
14:01:55.0380 4944        \Device\Harddisk1\DR1\Partition0 - ok
14:01:55.0380 4944        Boot (0x1200)  (e76b0698b2aaf707033e277d43d832f6) \Device\Harddisk2\DR2\Partition0
14:01:55.0380 4944        \Device\Harddisk2\DR2\Partition0 - ok
14:01:55.0380 4944        Boot (0x1200)  (de50b70a7e3bde0e3a5f180ff388d748) \Device\Harddisk2\DR2\Partition1
14:01:55.0380 4944        \Device\Harddisk2\DR2\Partition1 - ok
14:01:55.0380 4944        Boot (0x1200)  (5a24a3b538f9fec1ebc11a854a7a45a5) \Device\Harddisk3\DR3\Partition0
14:01:55.0380 4944        \Device\Harddisk3\DR3\Partition0 - ok
14:01:55.0380 4944        ============================================================
14:01:55.0380 4944        Scan finished
14:01:55.0380 4944        ============================================================
14:01:55.0396 3616        Detected object count: 5
14:01:55.0396 3616        Actual detected object count: 5
14:02:08.0469 3616        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0469 3616        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616        Creative Dolby Digital Live Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0469 3616        CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616        CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0469 3616        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:08.0469 3616        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:08.0469 3616        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 14.05.2012 13:12

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

tankie 14.05.2012 15:37

[code]
Combofix Logfile:
Code:

ComboFix 12-05-14.02 - Admin 14.05.2012  14:48:47.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8169.6470 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Love
c:\users\Admin\AppData\Roaming\Love\mari0\options.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 12:50 . 2012-05-14 12:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-05-14 12:50 . 2012-05-14 12:50        --------        d-----w-        c:\users\Tobi\AppData\Local\temp
2012-05-11 15:02 . 2012-05-11 15:02        --------        d-----w-        c:\program files (x86)\ESET
2012-05-11 14:04 . 2012-05-11 14:04        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 14:04 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-11 13:34 . 2012-04-13 08:46        8917360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{27D6F924-D1B3-4477-B2D7-DB14B2D42FC1}\mpengine.dll
2012-05-06 11:59 . 2012-05-06 11:59        --------        d-----w-        c:\users\Kathrin\AppData\Local\CrashDumps
2012-05-06 10:28 . 2012-05-06 10:28        --------        d-----w-        c:\users\Kathrin\AppData\Roaming\LSoft Technologies
2012-05-06 10:28 . 2012-05-06 10:28        --------        d-----w-        c:\users\Kathrin\AppData\Roaming\InstallShield Installation Information
2012-05-05 22:07 . 2012-05-05 23:46        --------        d-----w-        c:\users\Kathrin\AppData\Roaming\vlc
2012-05-05 22:01 . 2012-05-08 18:50        --------        d-----w-        C:\_OTL
2012-05-05 21:51 . 2012-05-05 21:52        --------        d-----w-        c:\users\Kathrin\AppData\Roaming\Trillian
2012-04-25 16:25 . 2012-04-25 16:25        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-04-25 16:22 . 2008-02-04 09:27        102400        ----a-w-        c:\windows\SysWow64\cttele32.dll
2012-04-25 16:22 . 2009-03-26 12:48        190976        ----a-w-        c:\windows\system32\APOMgr64.DLL
2012-04-25 16:22 . 2009-03-26 12:46        148480        ----a-w-        c:\windows\SysWow64\APOMngr.DLL
2012-04-25 16:22 . 2009-02-06 16:53        89088        ----a-w-        c:\windows\system32\CmdRtr64.DLL
2012-04-25 16:22 . 2009-02-06 16:52        73728        ----a-w-        c:\windows\SysWow64\CmdRtr.DLL
2012-04-22 15:08 . 2012-05-13 15:32        --------        d-----w-        c:\users\Admin\AppData\Roaming\vlc
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 16:48 . 2009-08-18 10:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-25 16:48 . 2009-08-18 09:24        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-25 16:22 . 2012-01-28 16:09        466520        ----a-w-        c:\windows\system32\wrap_oal.dll
2012-04-25 16:22 . 2012-01-28 16:09        445016        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2012-04-25 16:22 . 2012-01-28 16:09        123480        ----a-w-        c:\windows\system32\OpenAL32.dll
2012-04-25 16:22 . 2012-01-28 16:09        109144        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2012-04-01 19:07 . 2012-04-01 19:07        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 19:07 . 2012-01-26 11:14        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-25 08:26 . 2012-03-26 19:32        115272        ----a-w-        c:\windows\system32\drivers\MijXfilt.sys
2012-03-01 06:46 . 2012-04-11 21:02        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 21:02        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 21:02        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 21:02        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 21:02        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 21:02        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 21:02        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 21:03        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 21:03        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 21:03        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 21:03        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 21:03        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 21:03        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 21:03        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 21:03        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-02-26 17:20 . 2012-02-26 17:20        98304        ----a-w-        c:\windows\SysWow64\CmdLineExt.dll
2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:45        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:45        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:45        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:45        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17151624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-25 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2012-01-28 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93581421
*Deregistered* - 93581421
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page =
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
AddRemove-Alan Wake_is1 - m:\alan wake\unins000.exe
AddRemove-Dear Esther_is1 - m:\dear esther\unins000.exe
AddRemove-Deponia - m:\deponia\uninstall.exe
AddRemove-Metro 2033 Update 2_is1 - m:\metro 2033\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-14  14:51:41
ComboFix-quarantined-files.txt  2012-05-14 12:51
.
Vor Suchlauf: 11 Verzeichnis(se), 76.271.321.088 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 75.759.415.296 Bytes frei
.
- - End Of File - - 707CFD667CD2ABDFFE171157794A6B5B

--- --- ---

cosinus 14.05.2012 18:40

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your antivirus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.

tankie 15.05.2012 18:58

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-15 19:52:35
-----------------------------
19:52:35.420    OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:35.420    Number of processors: 4 586 0x2A07
19:52:35.420    ComputerName: ADMIN-PC  UserName: Admin
19:52:35.593    Initialize success
19:53:42.702    AVAST engine defs: 12051500
19:54:01.287    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:54:01.289    Disk 0 Vendor: OCZ-VERT 1.27 Size: 57241MB BusType: 3
19:54:01.290    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:54:01.291    Disk 1 Vendor: OCZ-VERT 2.13 Size: 114473MB BusType: 3
19:54:01.292    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
19:54:01.294    Disk 2 Vendor: Maxtor_6 BANC Size: 286168MB BusType: 3
19:54:01.295    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
19:54:01.296    Disk 3 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 3
19:54:01.298    Disk 1 MBR read successfully
19:54:01.300    Disk 1 MBR scan
19:54:01.303    Disk 1 Windows 7 default MBR code
19:54:01.305    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS      114471 MB offset 2048
19:54:01.309    Disk 1 scanning C:\Windows\system32\drivers
19:54:03.475    Service scanning
19:54:08.415    Modules scanning
19:54:08.418    Disk 1 trace - called modules:
19:54:08.423    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:54:08.425    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008fd5060]
19:54:08.428    3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80078f8050]
19:54:08.605    AVAST engine scan C:\Windows
19:54:09.102    AVAST engine scan C:\Windows\system32
19:54:55.316    AVAST engine scan C:\Windows\system32\drivers
19:54:57.901    AVAST engine scan C:\Users\Admin
19:55:08.064    AVAST engine scan C:\ProgramData
19:55:10.517    Scan finished successfully
19:57:34.774    Disk 1 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
19:57:34.777    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


cosinus 16.05.2012 12:15

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

tankie 18.05.2012 14:21

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

18.05.2012 14:41:59
mbam-log-2012-05-18 (14-41-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 774031
Laufzeit: 33 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/18/2012 at 03:56 PM

Application Version : 5.0.1148

Core Rules Database Version : 8616
Trace Rules Database Version: 6428

Scan type      : Complete Scan
Total Scan Time : 00:36:11

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 585
Memory threats detected  : 0
Registry items scanned    : 65420
Registry threats detected : 0
File items scanned        : 216844
File threats detected    : 191

Adware.Tracking Cookie
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OKFOQZ80.txt [ /adfarm1.adition.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R4FQ59SW.txt [ /advertising.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7KGQAKG8.txt [ /atdmt.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5DUAUNT5.txt [ /ad.zanox.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KE9NXU4G.txt [ /media6degrees.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5C9WMMWI.txt [ /adbrite.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O34Q6MYD.txt [ /doubleclick.net ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TQ91FUJ9.txt [ /at.atwola.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M7TN4K07.txt [ /www.etracker.de ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O12YUT5A.txt [ /imrworldwide.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J5GKHL28.txt [ /serving-sys.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SR97VC57.txt [ /www.googleadservices.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8SMEXBHV.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NIM2L4AS.txt [ /ru4.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O9BAK0CB.txt [ /mediaplex.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WCKAHJIZ.txt [ /tribalfusion.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BWL24PLD.txt [ /arvatodigitalservices.112.2o7.net ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VM83KTS9.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H9OWRD1P.txt [ /mtvn.112.2o7.net ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\33Y1LMXK.txt [ /tradedoubler.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SE2D9CSV.txt [ /bs.serving-sys.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XFLLRZW7.txt [ /c.atdmt.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DQ6EGWCS.txt [ /apmebf.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6NOSU7GK.txt [ /ad.yieldmanager.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZPJNU4OA.txt [ /lucidmedia.com ]
        C:\USERS\ADMIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt [ Cookie:admin@doubleclick.net/ ]
        C:\USERS\ADMIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@c.atdmt[2].txt [ Cookie:admin@c.atdmt.com/ ]
        C:\USERS\ADMIN\Cookies\OKFOQZ80.txt [ Cookie:admin@adfarm1.adition.com/ ]
        C:\USERS\ADMIN\Cookies\R4FQ59SW.txt [ Cookie:admin@advertising.com/ ]
        C:\USERS\ADMIN\Cookies\5DUAUNT5.txt [ Cookie:admin@ad.zanox.com/ ]
        C:\USERS\ADMIN\Cookies\KE9NXU4G.txt [ Cookie:admin@media6degrees.com/ ]
        C:\USERS\ADMIN\Cookies\5C9WMMWI.txt [ Cookie:admin@adbrite.com/ ]
        C:\USERS\ADMIN\Cookies\O34Q6MYD.txt [ Cookie:admin@doubleclick.net/ ]
        C:\USERS\ADMIN\Cookies\TQ91FUJ9.txt [ Cookie:admin@at.atwola.com/ ]
        C:\USERS\ADMIN\Cookies\J5GKHL28.txt [ Cookie:admin@serving-sys.com/ ]
        C:\USERS\ADMIN\Cookies\SR97VC57.txt [ Cookie:admin@www.googleadservices.com/pagead/conversion/1013361525/ ]
        C:\USERS\ADMIN\Cookies\8SMEXBHV.txt [ Cookie:admin@ad1.adfarm1.adition.com/ ]
        C:\USERS\ADMIN\Cookies\NIM2L4AS.txt [ Cookie:admin@ru4.com/ ]
        C:\USERS\ADMIN\Cookies\O9BAK0CB.txt [ Cookie:admin@mediaplex.com/ ]
        C:\USERS\ADMIN\Cookies\WCKAHJIZ.txt [ Cookie:admin@tribalfusion.com/ ]
        C:\USERS\ADMIN\Cookies\BWL24PLD.txt [ Cookie:admin@arvatodigitalservices.112.2o7.net/ ]
        C:\USERS\ADMIN\Cookies\VM83KTS9.txt [ Cookie:admin@ad2.adfarm1.adition.com/ ]
        C:\USERS\ADMIN\Cookies\H9OWRD1P.txt [ Cookie:admin@mtvn.112.2o7.net/ ]
        C:\USERS\ADMIN\Cookies\SE2D9CSV.txt [ Cookie:admin@bs.serving-sys.com/ ]
        C:\USERS\ADMIN\Cookies\XFLLRZW7.txt [ Cookie:admin@c.atdmt.com/ ]
        C:\USERS\ADMIN\Cookies\DQ6EGWCS.txt [ Cookie:admin@apmebf.com/ ]
        C:\USERS\ADMIN\Cookies\6NOSU7GK.txt [ Cookie:admin@ad.yieldmanager.com/ ]
        C:\USERS\ADMIN\Cookies\ZPJNU4OA.txt [ Cookie:admin@lucidmedia.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\2RTZD4KV.txt [ Cookie:kathrin@ad.zanox.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\C34JFEQE.txt [ Cookie:kathrin@apmebf.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\219XIDBO.txt [ Cookie:kathrin@statcounter.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\47X1IR6L.txt [ Cookie:kathrin@collective-media.net/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\EOFI1XF2.txt [ Cookie:kathrin@mediaplex.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\GNX3RDVQ.txt [ Cookie:kathrin@msnportal.112.2o7.net/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\WME9NKVY.txt [ Cookie:kathrin@ad2.adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\2GSQ96OR.txt [ Cookie:kathrin@ad.yieldmanager.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\DHNATI90.txt [ Cookie:kathrin@questionmarket.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\H1P5Q6X5.txt [ Cookie:kathrin@tradedoubler.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\PVOD0QBW.txt [ Cookie:kathrin@adbrite.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\J1HLMLY6.txt [ Cookie:kathrin@2o7.net/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\O77P4XTP.txt [ Cookie:kathrin@adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\I4IKM7GG.txt [ Cookie:kathrin@atdmt.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\YHY062IO.txt [ Cookie:kathrin@ru4.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\FVALJVMQ.txt [ Cookie:kathrin@zanox.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\N3J2L5E6.txt [ Cookie:kathrin@adserver.adreactor.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\T2U7ZO2M.txt [ Cookie:kathrin@xiti.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\QXV5KMPK.txt [ Cookie:kathrin@doubleclick.net/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\DIDK017U.txt [ Cookie:kathrin@amazon-adsystem.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\WK0YSO7D.txt [ Cookie:kathrin@ad1.adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\4S0P96ZM.txt [ Cookie:kathrin@ad.dyntracker.de/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\VM3XEB02.txt [ Cookie:kathrin@bs.serving-sys.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\1ZJGKD42.txt [ Cookie:kathrin@fastclick.net/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\Z8TIW4VN.txt [ Cookie:kathrin@tribalfusion.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\4WV0FT4B.txt [ Cookie:kathrin@c.atdmt.com/ ]
        C:\USERS\KATHRIN\AppData\Roaming\Microsoft\Windows\Cookies\RSD96RR2.txt [ Cookie:kathrin@in.getclicky.com/ ]
        C:\USERS\KATHRIN\Cookies\2RTZD4KV.txt [ Cookie:kathrin@ad.zanox.com/ ]
        C:\USERS\KATHRIN\Cookies\C34JFEQE.txt [ Cookie:kathrin@apmebf.com/ ]
        C:\USERS\KATHRIN\Cookies\219XIDBO.txt [ Cookie:kathrin@statcounter.com/ ]
        C:\USERS\KATHRIN\Cookies\47X1IR6L.txt [ Cookie:kathrin@collective-media.net/ ]
        C:\USERS\KATHRIN\Cookies\EOFI1XF2.txt [ Cookie:kathrin@mediaplex.com/ ]
        C:\USERS\KATHRIN\Cookies\GNX3RDVQ.txt [ Cookie:kathrin@msnportal.112.2o7.net/ ]
        C:\USERS\KATHRIN\Cookies\WME9NKVY.txt [ Cookie:kathrin@ad2.adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\Cookies\2GSQ96OR.txt [ Cookie:kathrin@ad.yieldmanager.com/ ]
        C:\USERS\KATHRIN\Cookies\DHNATI90.txt [ Cookie:kathrin@questionmarket.com/ ]
        C:\USERS\KATHRIN\Cookies\H1P5Q6X5.txt [ Cookie:kathrin@tradedoubler.com/ ]
        C:\USERS\KATHRIN\Cookies\PVOD0QBW.txt [ Cookie:kathrin@adbrite.com/ ]
        C:\USERS\KATHRIN\Cookies\J1HLMLY6.txt [ Cookie:kathrin@2o7.net/ ]
        C:\USERS\KATHRIN\Cookies\O77P4XTP.txt [ Cookie:kathrin@adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\Cookies\I4IKM7GG.txt [ Cookie:kathrin@atdmt.com/ ]
        C:\USERS\KATHRIN\Cookies\YHY062IO.txt [ Cookie:kathrin@ru4.com/ ]
        C:\USERS\KATHRIN\Cookies\FVALJVMQ.txt [ Cookie:kathrin@zanox.com/ ]
        C:\USERS\KATHRIN\Cookies\N3J2L5E6.txt [ Cookie:kathrin@adserver.adreactor.com/ ]
        C:\USERS\KATHRIN\Cookies\T2U7ZO2M.txt [ Cookie:kathrin@xiti.com/ ]
        C:\USERS\KATHRIN\Cookies\QXV5KMPK.txt [ Cookie:kathrin@doubleclick.net/ ]
        C:\USERS\KATHRIN\Cookies\DIDK017U.txt [ Cookie:kathrin@amazon-adsystem.com/ ]
        C:\USERS\KATHRIN\Cookies\WK0YSO7D.txt [ Cookie:kathrin@ad1.adfarm1.adition.com/ ]
        C:\USERS\KATHRIN\Cookies\4S0P96ZM.txt [ Cookie:kathrin@ad.dyntracker.de/ ]
        C:\USERS\KATHRIN\Cookies\VM3XEB02.txt [ Cookie:kathrin@bs.serving-sys.com/ ]
        C:\USERS\KATHRIN\Cookies\1ZJGKD42.txt [ Cookie:kathrin@fastclick.net/ ]
        C:\USERS\KATHRIN\Cookies\Z8TIW4VN.txt [ Cookie:kathrin@tribalfusion.com/ ]
        C:\USERS\KATHRIN\Cookies\4WV0FT4B.txt [ Cookie:kathrin@c.atdmt.com/ ]
        C:\USERS\KATHRIN\Cookies\RSD96RR2.txt [ Cookie:kathrin@in.getclicky.com/ ]
        C:\USERS\TANK\AppData\Roaming\Microsoft\Windows\Cookies\UF0IBY4P.txt [ Cookie:tank@atdmt.com/ ]
        C:\USERS\TANK\Cookies\UF0IBY4P.txt [ Cookie:tank@atdmt.com/ ]
        .doubleclick.net [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .im.banner.t-online.de [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\!SSD-ALT\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        D:\!SSD-ALT\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        D:\!SSD-ALT\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ATDMT[1].TXT [ /ATDMT ]
        .doubleclick.net [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        tracking.oe24.at [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adfarm1.adition.com [ D:\!SSD-ALT\USERS\KATHRIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        D:\!SSD-ALT\USERS\KATHRIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHRIN@2O7[1].TXT [ /2O7 ]
        D:\!SSD-ALT\USERS\KATHRIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHRIN@APMEBF[1].TXT [ /APMEBF ]
        .doubleclick.net [ D:\!SSD-ALT\USERS\TANK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        files.youporn.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
        ia.media-imdb.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
        media.mtvnservices.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
        secure-us.imrworldwide.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
        track.shop2market.com [ D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JEENKZF9 ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@FASTCLICK[1].TXT [ /FASTCLICK ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@INTERCLICK[1].TXT [ /INTERCLICK ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@MTVN.112.2O7[1].TXT [ /MTVN.112.2O7 ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@PAYPAL.112.2O7[1].TXT [ /PAYPAL.112.2O7 ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@PARTYPOKER[1].TXT [ /PARTYPOKER ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@REVSCI[2].TXT [ /REVSCI ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@SECMEDIA[1].TXT [ /SECMEDIA ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@TRACKING.HOSTGATOR[1].TXT [ /TRACKING.HOSTGATOR ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TANK@ZANOX[2].TXT [ /ZANOX ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        D:\!SSD-ALT\USERS\TANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TANK@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        cdn1.static.youporn.phncdn.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
        ia.media-imdb.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
        media.mtvnservices.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
        objects.tremormedia.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]
        secure-us.imrworldwide.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S9K43KZ9 ]

Trojan.Agent/Gen-Koobface[Bonkers]
        ZIP ARCHIVE( D:\BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
        D:\BASIC\VB.ZIP
        ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BP.EXE
        ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM.EXE
        ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM1.EXE
        ZIP ARCHIVE( D:\BASIC\VB.ZIP )/RECHNER2.EXE
        D:\BASIC\VISUALB\BP.EXE
        D:\BASIC\VISUALB\BPNUM.EXE
        D:\BASIC\VISUALB\BPNUM1.EXE
        D:\BASIC\VISUALB\RECHNER2.EXE
        D:\BASIC\VISUALB\VB\BP.EXE
        D:\BASIC\VISUALB\VB\BPNUM.EXE
        D:\BASIC\VISUALB\VB\BPNUM1.EXE
        D:\BASIC\VISUALB\VB\BPNUM2.EXE
        D:\BASIC\VISUALB\VB\RECHNER2.EXE
        D:\BASIC\VISUALB\VB\VISUAL BASIC\SUMMENRECHNER.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
        D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP
        ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BP.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
        D:\BASIC\VISUALB\VISUAL BASIC\SUMMENRECHNER.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
        D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP
        ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BP.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
        ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
        ZIP ARCHIVE( D:\EINZELNE DATEIEN\PROGS.ZIP )/BPNUM2.EXE
        D:\EINZELNE DATEIEN\PROGS.ZIP
        ZIP ARCHIVE( D:\SCHULE\BADV.ZIP )/VB/NOTEN/NOTENBERECHNUNG.EXE
        D:\SCHULE\BADV.ZIP

Trojan.Agent/Gen-ReLoader
        D:\BASIC\VISUALB\VB\ZUFALL1.EXE

Trojan.Agent/Gen-Downloader
        D:\SICHERUNG\DSPPITCH.EXE
        D:\SICHERUNG2007SEPTEMBER\EIGENE DATEIEN\DSPPITCH.EXE

Adware.Zwangi
        D:\SPIELE\RACINGPITCH\UNINSTALL.EXE


cosinus 19.05.2012 12:05

Quote:

Trojan.Agent/Gen-Koobface[Bonkers]
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VB.ZIP )/RECHNER2.EXE
D:\BASIC\VISUALB\BP.EXE
D:\BASIC\VISUALB\BPNUM.EXE
D:\BASIC\VISUALB\BPNUM1.EXE
D:\BASIC\VISUALB\RECHNER2.EXE
D:\BASIC\VISUALB\VB\BP.EXE
D:\BASIC\VISUALB\VB\BPNUM.EXE
D:\BASIC\VISUALB\VB\BPNUM1.EXE
D:\BASIC\VISUALB\VB\BPNUM2.EXE
D:\BASIC\VISUALB\VB\RECHNER2.EXE
D:\BASIC\VISUALB\VB\VISUAL BASIC\SUMMENRECHNER.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
D:\BASIC\VISUALB\VISUAL BASIC\SUMMENRECHNER.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/VISUAL BASIC/SUMMENRECHNER.EXE
D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BP.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/BPNUM1.EXE
ZIP ARCHIVE( D:\BASIC\VISUALB\VISUAL BASIC\VB.ZIP )/RECHNER2.EXE
ZIP ARCHIVE( D:\EINZELNE DATEIEN\PROGS.ZIP )/BPNUM2.EXE
D:\EINZELNE DATEIEN\PROGS.ZIP
ZIP ARCHIVE( D:\SCHULE\BADV.ZIP )/VB/NOTEN/NOTENBERECHNUNG.EXE
D:\SCHULE\BADV.ZIP

Trojan.Agent/Gen-ReLoader
D:\BASIC\VISUALB\VB\ZUFALL1.EXE

Trojan.Agent/Gen-Downloader
D:\SICHERUNG\DSPPITCH.EXE
D:\SICHERUNG2007SEPTEMBER\EIGENE DATEIEN\DSPPITCH.EXE

Adware.Zwangi
D:\SPIELE\RACINGPITCH\UNINSTALL.EXE
Are all of these files known to you?

tankie 19.05.2012 12:51

Quote:

Quote from cosinus (post 830381)
Are all of these files known to you?

yes, they pose no danger :)

cosinus 19.05.2012 13:27

Then that's fine - apart from that, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there any other findings or problems?
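
The hosts-file blocking recommended in the post above, applied to tracking-cookie entries in the layout of the scan log in this thread. This is an added example, not part of the thread and not code from MVPS or the scanner's vendor; the function names, the sample lines (user name EXAMPLE) and the 0.0.0.0 sink address are assumptions.

```python
import re

# Constructed sample lines in the layout of the scan log above: "<host> [ <cookie store> ]"
# for browser cookies and "<cookie file> [ /<NAME> ]" for Internet Explorer cookie files.
SAMPLE_LOG = r"""
        .doubleclick.net [ D:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ D:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ D:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        D:\USERS\EXAMPLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\EXAMPLE@ATDMT[1].TXT [ /ATDMT ]
"""

HOSTNAME = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SINK = "0.0.0.0"  # assumption: non-routable sink address for blocked names


def parse_cookie_hosts(log_text):
    """Return ({host: scoped_to_subdomains}, [skipped cookie files])."""
    hosts, skipped = {}, []
    for line in log_text.splitlines():
        first, sep, _store = line.strip().partition(" [ ")
        if not sep:
            continue  # not a detection entry
        if "\\" in first:
            # IE cookie file: the name (e.g. "ATDMT") is not a full host name,
            # so no hosts entry can be derived from it.
            skipped.append(first)
            continue
        name = first.lower()
        scoped = name.startswith(".")  # leading dot: cookie covers subdomains too
        name = name.lstrip(".")
        if HOSTNAME.match(name):
            hosts[name] = hosts.get(name, False) or scoped
    return hosts, skipped


def hosts_lines(hosts):
    """Render hosts-file lines; a hosts file matches exact names only."""
    lines = []
    for name in sorted(hosts):
        note = "  # subdomains are NOT covered by this entry" if hosts[name] else ""
        lines.append(f"{SINK} {name}{note}")
    return lines


if __name__ == "__main__":
    found, skipped = parse_cookie_hosts(SAMPLE_LOG)
    print("\n".join(hosts_lines(found)))
    print(f"# {len(skipped)} cookie file(s) skipped: no full host name in the log")
```

A hosts file has no wildcards, so a cookie scoped to `.doubleclick.net` is only partly covered by one entry; maintained lists such as the MVPS file enumerate the individual host names instead.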


All times are WET +1.
