Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung", thread: https://www.trojaner-board.de/115788-avira-findet-trojaner-existiert.html

Jojo95 26.05.2012 12:30

Avira finds a Trojan that doesn't exist?

I'm puzzled by my Avira right now. For about a week it has kept finding these two viruses in the same folder (C:\WINDOWS\assembly), but it can't find the source file, and neither can I (I made all folders visible, hidden and protected ones, I even tried with the console, these Desktop.ini files really aren't there!). I'm now wondering whether I should be worried or not? Otherwise it always says there is nothing else. Just these 2 unfindable files :confused: and the computer basically runs flawlessly without any problems.

Do I need to worry now, or is this maybe a bug in Avira itself?

Here is the Avira logfile when I scan only this folder:

Code:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 26. Mai 2012  12:49

Es wird nach 3750486 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : John
Computername  : JOHN-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  09.05.2012 16:29:27
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  09.05.2012 16:29:27
LUKE.DLL      : 12.3.0.15      68304 Bytes  09.05.2012 16:29:28
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 16:29:28
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 16:28:49
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 17:48:04
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 15:10:00
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 16:59:13
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 16:28:40
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 16:28:41
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 16:28:41
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 16:28:41
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 16:28:41
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 16:28:41
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 16:28:41
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 16:28:41
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 16:28:42
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 16:28:55
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 16:29:47
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 16:41:06
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 16:40:20
VBASE018.VDF  : 7.11.30.208    2048 Bytes  23.05.2012 16:40:20
VBASE019.VDF  : 7.11.30.209    2048 Bytes  23.05.2012 16:40:20
VBASE020.VDF  : 7.11.30.210    2048 Bytes  23.05.2012 16:40:20
VBASE021.VDF  : 7.11.30.211    2048 Bytes  23.05.2012 16:40:20
VBASE022.VDF  : 7.11.30.212    2048 Bytes  23.05.2012 16:40:20
VBASE023.VDF  : 7.11.30.213    2048 Bytes  23.05.2012 16:40:20
VBASE024.VDF  : 7.11.30.214    2048 Bytes  23.05.2012 16:40:21
VBASE025.VDF  : 7.11.30.215    2048 Bytes  23.05.2012 16:40:21
VBASE026.VDF  : 7.11.30.216    2048 Bytes  23.05.2012 16:40:21
VBASE027.VDF  : 7.11.30.217    2048 Bytes  23.05.2012 16:40:21
VBASE028.VDF  : 7.11.30.218    2048 Bytes  23.05.2012 16:40:21
VBASE029.VDF  : 7.11.30.219    2048 Bytes  23.05.2012 16:40:21
VBASE030.VDF  : 7.11.30.220    2048 Bytes  23.05.2012 16:40:21
VBASE031.VDF  : 7.11.31.32    118272 Bytes  26.05.2012 10:40:31
Engineversion  : 8.2.10.68
AEVDF.DLL      : 8.1.2.2      106868 Bytes  25.10.2011 17:10:45
AESCRIPT.DLL  : 8.1.4.19      455034 Bytes  11.05.2012 16:28:47
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 18:14:02
AESBX.DLL      : 8.2.5.5      606579 Bytes  12.03.2012 15:57:58
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.13    807287 Bytes  11.05.2012 16:28:46
AEOFFICE.DLL  : 8.1.2.28      201082 Bytes  27.04.2012 14:27:59
AEHEUR.DLL    : 8.1.4.28    4800886 Bytes  17.05.2012 16:30:56
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 16:28:43
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 14:26:56
AEEXP.DLL      : 8.1.0.40      82292 Bytes  17.05.2012 16:31:28
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.6      201078 Bytes  15.03.2012 15:54:32
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  09.05.2012 16:29:27
AVPREF.DLL    : 12.3.0.15      51920 Bytes  09.05.2012 16:29:27
AVREP.DLL      : 12.3.0.15    179208 Bytes  09.05.2012 16:29:28
AVARKT.DLL    : 12.3.0.15    211408 Bytes  09.05.2012 16:29:27
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  09.05.2012 16:29:27
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  09.05.2012 16:29:28
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  09.05.2012 16:29:27
NETNT.DLL      : 12.3.0.15      17104 Bytes  09.05.2012 16:29:28
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  09.05.2012 16:29:27
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  09.05.2012 16:29:27

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\John\AppData\Local\Temp\ba0e5872.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 26. Mai 2012  12:49

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\assembly'
C:\Windows\assembly\GAC_32\Desktop.ini
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [WARNUNG]  Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
  [WARNUNG]  Die Quelldatei konnte nicht gefunden werden.
  [HINWEIS]  Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
  [WARNUNG]  Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
  [WARNUNG]  Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.
  [WARNUNG]  Die Datei wurde ignoriert.
C:\Windows\assembly\GAC_64\Desktop.ini
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [WARNUNG]  Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
  [WARNUNG]  Die Quelldatei konnte nicht gefunden werden.
  [HINWEIS]  Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
  [WARNUNG]  Die Datei konnte nicht ins Quarantäneverzeichnis kopiert werden.
  [WARNUNG]  Systemfehler [0]: Der Vorgang wurde erfolgreich beendet.
  [WARNUNG]  Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 26. Mai 2012  12:54
Benötigte Zeit: 04:41 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  3218 Verzeichnisse wurden überprüft
  2146 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  2144 Dateien ohne Befall
      0 Archive wurden durchsucht
      2 Warnungen
      2 Hinweise

I just tried it again myself with the console, and apparently these files do exist after all, but I have no access to them.

See the command line:

Code:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\John>if exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA
JA

C:\Users\John>if NOT exist "C:\Windows\assembly\GAC_64\Desktop.ini" echo JA

C:\Users\John>attrib -r -s -h "C:\Windows\assembly\GAC_64\Desktop.ini"
Zugriff verweigert - C:\Windows\assembly\GAC_64\Desktop.ini

C:\Users\John>del /S /F /Q "C:\Windows\assembly\GAC_64\Desktop.ini"
C:\Windows\assembly\GAC_64\Desktop.ini konnte nicht gefunden werden

C:\Users\John>

I'm now going to run full scans again with Malwarebytes and Avira and then post those logfiles!

Problem solved thanks to a friend who knows his way around this kind of thing. Thanks anyway :) Thread can be closed - Cheers

Psychotic 27.05.2012 11:25

Hello jojo95,

Quote:

[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
I hope your friend really knows his stuff - you have the ZeroAccess rootkit on the machine, and that is also the reason why you can't get at these files...:pfeiff:
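The console session above shows the odd combination of "if exist" saying yes while attrib and del fail, and the helper attributes it to ZeroAccess. The script below is an added triage example (not from the thread, not a tool the board uses): it collects the evidence a helper would want for the two paths from the Avira report (attributes, reparse flag, owner, explicit Deny ACEs, parent-folder ACL) instead of trying to delete anything. It assumes an elevated PowerShell 3.0 or later session on the affected machine.

```powershell
# Added triage example, not from the thread. Gathers evidence about the two
# GAC Desktop.ini paths Avira flagged; it changes nothing on disk.
# Assumes: elevated PowerShell 3.0+ on the affected Windows 7 machine.

# The two paths reported as TR/ATRAPS.Gen2 in the Avira log above.
$SuspectPaths = @(
    'C:\Windows\assembly\GAC_32\Desktop.ini',
    'C:\Windows\assembly\GAC_64\Desktop.ini'
)

function Get-SuspectFileEvidence {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][string[]]$Path)

    foreach ($p in $Path) {
        # Same existence test the console session used ("if exist").
        $evidence = [ordered]@{
            Path       = $p
            Exists     = [System.IO.File]::Exists($p)
            Length     = $null
            Attributes = $null
            IsReparse  = $null
            Owner      = $null
            DenyAces   = @()
            Errors     = @()
        }
        if ($evidence.Exists) {
            try {
                # -Force is required so hidden/system files are returned at all.
                $item = Get-Item -LiteralPath $p -Force -ErrorAction Stop
                $evidence.Length     = $item.Length
                $evidence.Attributes = $item.Attributes.ToString()
                # A reparse point would mean the path is redirected elsewhere.
                $evidence.IsReparse  = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
            } catch {
                $evidence.Errors += "Get-Item: $($_.Exception.Message)"
            }
            try {
                # Explicit Deny ACEs explain "access denied" for attrib/del even as admin.
                $acl = Get-Acl -Path $p -ErrorAction Stop
                $evidence.Owner    = $acl.Owner
                $evidence.DenyAces = @($acl.Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights })
            } catch {
                $evidence.Errors += "Get-Acl: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$evidence
    }
}

# The parent folders matter too: a locked-down GAC_32/GAC_64 ACL would explain
# why Explorer and "del" cannot see a file that "if exist" reports as present.
function Get-ParentAclSummary {
    param([Parameter(Mandatory = $true)][string[]]$Path)
    foreach ($dir in ($Path | Split-Path -Parent | Sort-Object -Unique)) {
        try {
            $acl = Get-Acl -Path $dir -ErrorAction Stop
            [pscustomobject]@{
                Directory = $dir
                Owner     = $acl.Owner
                AceCount  = @($acl.Access).Count
                DenyCount = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
                Error     = $null
            }
        } catch {
            [pscustomobject]@{ Directory = $dir; Owner = $null; AceCount = $null; DenyCount = $null; Error = $_.Exception.Message }
        }
    }
}

Get-SuspectFileEvidence -Path $SuspectPaths | Format-List
Get-ParentAclSummary   -Path $SuspectPaths | Format-Table -AutoSize

# Anything that exists here with Deny ACEs, an odd owner or a reparse flag is
# evidence to hand to a helper together with the scanner logs, not something to
# delete by hand; the thread's own advice is the scan-and-post procedure below.
```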

Jojo95 27.05.2012 11:31

In any case, a full system scan with Avira and Malwarebytes found nothing more. According to the console these files no longer exist either, and Avira no longer finds them. Should I create logfiles with HijackThis or other programs? If you say it is a rootkit, should I get GMER, or what do you think I should do again to be on the safe side?

Psychotic 27.05.2012 11:34

:hallo:

My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found all remnants of malware. A format is usually the faster and always the safest way.

Should you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

A cleanup can involve a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  • Do not install or uninstall any software during the cleanup (unless you are asked to).
  • If anything is unclear: ask before you do something "blindly"!
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to. It makes evaluating them harder for me.


Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt for a restart. Confirm this with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being instructed to.


Step 2: DDS


Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.scr dds.pif
  • Close all running programs.
  • Start DDS with a double-click.
  • It will create 2 logfiles.
    • dds.txt
    • attach.txt
  • Save both logfiles to your desktop.
  • Post both logfiles here.

Jojo95 27.05.2012 11:43

DDS.txt
Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by John at 12:37:22 on 2012-05-27
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2329 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\3DataManager\WTGService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\John\worker\worker.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
BHO: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AUTOWorker] "D:\John\worker\worker.exe" /auto
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC}\75C414E413 : DhcpNameServer = 192.168.100.251
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL
BHO-X64: {1580277A-4F5E-61BA-30D0-5C805A834D61} - No File
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [AUTOWorker] "D:\John\worker\worker.exe" /auto
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\
FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-23 913752]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-16 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-16 110032]
R2 AntiVirWebService;Avira Browser Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-10-16 465360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-13 821592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 654408]
R2 WTGService;WTGService;C:\Program Files (x86)\3DataManager\WTGService.exe [2011-8-4 333264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-5-14 21384]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-5-14 33184]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-5-14 21872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 e2eVAWdm;e2eSoft VAudio;C:\Windows\system32\DRIVERS\VAud_WDM.sys --> C:\Windows\system32\DRIVERS\VAud_WDM.sys [?]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-16 155344]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-27 10:36:04        69000        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll
2012-05-26 20:04:06        43        ----a-w-        C:\analyse.bat
2012-05-26 19:42:34        --------        d-----w-        C:\Windows\NitroX
2012-05-26 12:22:35        --------        d-sh--w-        C:\$RECYCLE.BIN
2012-05-26 12:05:30        98816        ----a-w-        C:\Windows\sed.exe
2012-05-26 12:05:30        518144        ----a-w-        C:\Windows\SWREG.exe
2012-05-26 12:05:30        256000        ----a-w-        C:\Windows\PEV.exe
2012-05-26 12:05:30        208896        ----a-w-        C:\Windows\MBR.exe
2012-05-26 12:00:00        61440        ----a-w-        C:\Windows\SysWow64\drivers\ukmzyzk.sys
2012-05-26 11:48:12        61440        ----a-w-        C:\Windows\SysWow64\drivers\aaxblh.sys
2012-05-25 15:34:32        --------        d-----w-        C:\Users\John\AppData\Local\MooExt
2012-05-25 14:15:43        --------        d-----w-        C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-05-25 11:44:53        8955792        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll
2012-05-22 14:33:45        8955792        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-20 17:37:23        279656        ------w-        C:\Windows\System32\MpSigStub.exe
2012-05-18 16:41:07        --------        d-----w-        C:\Users\John\.yawcam
2012-05-11 18:31:34        --------        d-----w-        C:\Users\John\AppData\Local\SplitMediaLabs
2012-05-10 18:54:04        --------        d-sh--w-        C:\Windows\SysWow64\%APPDATA%
2012-05-10 16:33:20        1544704        ----a-w-        C:\Windows\System32\DWrite.dll
2012-05-10 16:33:20        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2012-05-10 16:33:14        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-05-10 16:33:13        3146240        ----a-w-        C:\Windows\System32\win32k.sys
2012-05-10 16:33:12        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:33:12        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 16:32:28        75120        ----a-w-        C:\Windows\System32\drivers\partmgr.sys
2012-05-10 16:32:11        1918320        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2012-05-10 16:32:04        1732096        ----a-w-        C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 16:32:03        936960        ----a-w-        C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:32:03        1402880        ----a-w-        C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 16:32:03        1393664        ----a-w-        C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 16:32:03        1367552        ----a-w-        C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 17:05:45        --------        d-----w-        C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 17:05:37        157352        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 17:05:37        129976        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M  ====================
.
2012-05-09 16:29:28        98848        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys
2012-05-05 17:04:17        70304        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:04:17        419488        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:04:09        8744608        ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 14:29:35        111928        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-04-04 13:56:40        24904        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-03-21 12:30:58        525544        ----a-w-        C:\Windows\System32\deployJava1.dll
2012-03-13 17:51:58        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
2012-03-13 17:51:58        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-03-13 17:51:58        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:50:52        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll
2012-03-13 17:50:52        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 17:50:52        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 17:50:52        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll
2012-03-01 06:46:16        23408        ----a-w-        C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27        220672        ----a-w-        C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50        81408        ----a-w-        C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47        5120        ----a-w-        C:\Windows\System32\wmi.dll
2012-03-01 05:37:41        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23        159232        ----a-w-        C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16        5120        ----a-w-        C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48        2311168        ----a-w-        C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56        1390080        ----a-w-        C:\Windows\System32\wininet.dll
2012-02-28 06:48:57        1493504        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55        1799168        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21        1427456        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07        1127424        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:38:55,63 ===============

--- --- ---


attach.txt
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29.03.2011 22:10:00
System Uptime: 27.05.2012 11:41:07 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc.        |  | K52Dr
Processor: AMD Phenom(tm) II P920 Quad-Core Processor | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 71,678 GiB free.
D: is FIXED (NTFS) - 428 GiB total, 180,384 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP233: 22.05.2012 16:32:52 - Windows Update
RP234: 23.05.2012 17:34:35 - Configured Microsoft Office Professional Plus 2010
RP235: 26.05.2012 14:05:35 - ComboFix created restore point
RP236: 26.05.2012 21:33:52 - NitroX Cleaner Backup
RP237: 26.05.2012 21:51:44 - NitroX Cleaner Backup
.
==== Installed Programs ======================
.
3DataManager
Acoustica MP3 Audio Mixer
Adobe After Effects CS5.5
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Media Live Encoder 3.2
Adobe Help Viewer CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS5
Adobe Reader X (10.1.3) - Deutsch
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Story
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Advanced SystemCare 5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amnesia - The Dark Descent
Apple Application Support
Apple Software Update
Ask Toolbar
µTorrent
Audacity 1.3.13 (Unicode)
Avira Free Antivirus
Battlecraft 1942
Battlefield 1942
Battlefield 1942 Multiplayer Demo
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield Mod Development Toolkit 2.0 Beta
Bot's Factory 2.3 MP
Brother MFL-Pro Suite DCP-165C
Call of Duty
Call of Duty - United Offensive
Camtasia Studio 7
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand
Compatibility Pack für 2007 Office System
Crysis(R)
Crysis® 2
D3DX10
DAEMON Tools Lite
Dead Space™
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup
Download Updater (AOL LLC)
ESN Sonar
Facebook Messenger 2.1.4520.0
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.3
Fraps
Free PDF to Word Doc Converter v1.1
GeoGebra
GPL Ghostscript 9.01
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2565057)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HyperCam 2
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
LAME v3.98.3 for Audacity
Macromedia Dreamweaver 8
Macromedia Extension Manager
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware Version 1.61.0.1400
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server System CLR Types
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2010 Express - DEU
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - DEU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.9)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
OJOsoft Total Video Converter
OpenOffice.org 3.3
PDF Settings CS5
PHPTriad Module: Phorum
Polipo 1.0.4.1
PunkBuster für Battlefield 1942
PunkBuster Services
PxMergeModule
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Smart Defrag 2
SmartSound Common Data
SmartSound Quicktracks 5
Sony Ericsson PC Companion 2.02.002
SplitCam
Spybot - Search & Destroy
TeamViewer 7
Tor 0.2.1.30
Trillian
UPC Konfigurator
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Vidalia 0.2.10
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
VLC media player 2.0.1
Windows 7 Codec Pack 3.3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Movie Maker 2.6
WinFlash
XSplit
Yahoo! Messenger
.
==== End Of File ===========================


Psychotic 27.05.2012 11:45

CKScanner


Please download CKScanner. Important: save the file to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open the CKFiles.txt on your desktop and post its contents here.

Jojo95 27.05.2012 11:49

CKFiles.txt (did I do something wrong??)
Code:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.PMNAXT
 ----- EOF -----


Psychotic 27.05.2012 11:52

Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide); Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.


Step 2: Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.

Jojo95 27.05.2012 12:12

TDSS-Killer:
Code:

13:07:30.0622 2432        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:07:30.0991 2432        ============================================================
13:07:30.0991 2432        Current date / time: 2012/05/27 13:07:30.0991
13:07:30.0991 2432        SystemInfo:
13:07:30.0991 2432       
13:07:30.0991 2432        OS Version: 6.1.7601 ServicePack: 1.0
13:07:30.0991 2432        Product type: Workstation
13:07:30.0991 2432        ComputerName: JOHN-PC
13:07:30.0991 2432        UserName: John
13:07:30.0991 2432        Windows directory: C:\Windows
13:07:30.0991 2432        System windows directory: C:\Windows
13:07:30.0991 2432        Running under WOW64
13:07:30.0991 2432        Processor architecture: Intel x64
13:07:30.0991 2432        Number of processors: 4
13:07:30.0991 2432        Page size: 0x1000
13:07:30.0991 2432        Boot type: Normal boot
13:07:30.0991 2432        ============================================================
13:07:33.0459 2432        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:07:33.0470 2432        ============================================================
13:07:33.0471 2432        \Device\Harddisk0\DR0:
13:07:33.0471 2432        MBR partitions:
13:07:33.0471 2432        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08
13:07:33.0486 2432        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800
13:07:33.0486 2432        ============================================================
13:07:33.0556 2432        C: <-> \Device\Harddisk0\DR0\Partition0
13:07:33.0597 2432        D: <-> \Device\Harddisk0\DR0\Partition1
13:07:33.0597 2432        ============================================================
13:07:33.0597 2432        Initialize success
13:07:33.0597 2432        ============================================================
13:07:48.0396 3596        ============================================================
13:07:48.0396 3596        Scan started
13:07:48.0396 3596        Mode: Manual; TDLFS;
13:07:48.0396 3596        ============================================================
13:07:49.0559 3596        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:07:49.0565 3596        1394ohci - ok
13:07:49.0611 3596        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:07:49.0615 3596        ACPI - ok
13:07:49.0635 3596        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:07:49.0636 3596        AcpiPmi - ok
13:07:49.0801 3596        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:07:49.0810 3596        AdobeARMservice - ok
13:07:49.0995 3596        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:07:49.0997 3596        AdobeFlashPlayerUpdateSvc - ok
13:07:50.0062 3596        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:07:50.0076 3596        adp94xx - ok
13:07:50.0132 3596        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:07:50.0143 3596        adpahci - ok
13:07:50.0180 3596        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:07:50.0188 3596        adpu320 - ok
13:07:50.0396 3596        AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
13:07:50.0423 3596        AdvancedSystemCareService5 - ok
13:07:50.0466 3596        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:07:50.0467 3596        AeLookupSvc - ok
13:07:50.0533 3596        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:07:50.0538 3596        AFD - ok
13:07:50.0571 3596        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:07:50.0573 3596        agp440 - ok
13:07:50.0920 3596        Akamai          (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
13:07:50.0920 3596        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
13:07:50.0928 3596        Akamai ( HiddenFile.Multi.Generic ) - warning
13:07:50.0928 3596        Akamai - detected HiddenFile.Multi.Generic (1)
13:07:51.0060 3596        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:07:51.0061 3596        ALG - ok
13:07:51.0126 3596        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:07:51.0127 3596        aliide - ok
13:07:51.0178 3596        AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
13:07:51.0180 3596        AMD External Events Utility - ok
13:07:51.0247 3596        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:07:51.0268 3596        amdide - ok
13:07:51.0306 3596        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:07:51.0307 3596        AmdK8 - ok
13:07:51.0847 3596        amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
13:07:51.0971 3596        amdkmdag - ok
13:07:52.0159 3596        amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
13:07:52.0169 3596        amdkmdap - ok
13:07:52.0225 3596        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:07:52.0226 3596        AmdPPM - ok
13:07:52.0257 3596        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:07:52.0259 3596        amdsata - ok
13:07:52.0294 3596        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:07:52.0303 3596        amdsbs - ok
13:07:52.0315 3596        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:07:52.0317 3596        amdxata - ok
13:07:52.0444 3596        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:07:52.0455 3596        AntiVirSchedulerService - ok
13:07:52.0488 3596        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:07:52.0501 3596        AntiVirService - ok
13:07:52.0575 3596        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:07:52.0604 3596        AntiVirWebService - ok
13:07:52.0632 3596        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:07:52.0634 3596        AppID - ok
13:07:52.0701 3596        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:07:52.0703 3596        AppIDSvc - ok
13:07:52.0742 3596        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:07:52.0743 3596        Appinfo - ok
13:07:52.0802 3596        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:07:52.0803 3596        arc - ok
13:07:52.0822 3596        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:07:52.0823 3596        arcsas - ok
13:07:52.0946 3596        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:07:52.0954 3596        aspnet_state - ok
13:07:52.0974 3596        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:07:52.0976 3596        AsyncMac - ok
13:07:53.0009 3596        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:07:53.0010 3596        atapi - ok
13:07:53.0272 3596        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
13:07:53.0335 3596        athr - ok
13:07:53.0505 3596        AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
13:07:53.0507 3596        AtiHDAudioService - ok
13:07:53.0550 3596        AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
13:07:53.0551 3596        AtiHdmiService - ok
13:07:53.0632 3596        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:07:53.0639 3596        AudioEndpointBuilder - ok
13:07:53.0648 3596        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:07:53.0654 3596        AudioSrv - ok
13:07:53.0698 3596        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:07:53.0699 3596        avgntflt - ok
13:07:53.0747 3596        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:07:53.0748 3596        avipbb - ok
13:07:53.0772 3596        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:07:53.0773 3596        avkmgr - ok
13:07:53.0813 3596        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:07:53.0815 3596        AxInstSV - ok
13:07:53.0902 3596        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:07:53.0916 3596        b06bdrv - ok
13:07:53.0965 3596        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:07:53.0980 3596        b57nd60a - ok
13:07:54.0015 3596        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:07:54.0017 3596        BDESVC - ok
13:07:54.0035 3596        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:07:54.0036 3596        Beep - ok
13:07:54.0163 3596        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:07:54.0171 3596        BFE - ok
13:07:54.0265 3596        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:07:54.0277 3596        BITS - ok
13:07:54.0448 3596        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:07:54.0449 3596        blbdrive - ok
13:07:54.0511 3596        Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:07:54.0531 3596        Bonjour Service - ok
13:07:54.0565 3596        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:07:54.0566 3596        bowser - ok
13:07:54.0585 3596        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:07:54.0587 3596        BrFiltLo - ok
13:07:54.0605 3596        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:07:54.0607 3596        BrFiltUp - ok
13:07:54.0651 3596        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:07:54.0653 3596        BridgeMP - ok
13:07:54.0695 3596        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:07:54.0697 3596        Browser - ok
13:07:54.0733 3596        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:07:54.0746 3596        Brserid - ok
13:07:54.0762 3596        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:07:54.0764 3596        BrSerWdm - ok
13:07:54.0782 3596        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:07:54.0784 3596        BrUsbMdm - ok
13:07:54.0789 3596        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:07:54.0790 3596        BrUsbSer - ok
13:07:54.0808 3596        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:07:54.0810 3596        BTHMODEM - ok
13:07:54.0850 3596        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:07:54.0851 3596        bthserv - ok
13:07:54.0864 3596        catchme - ok
13:07:54.0904 3596        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:07:54.0906 3596        cdfs - ok
13:07:54.0948 3596        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:07:54.0950 3596        cdrom - ok
13:07:54.0984 3596        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:07:54.0986 3596        CertPropSvc - ok
13:07:55.0012 3596        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:07:55.0013 3596        circlass - ok
13:07:55.0073 3596        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:07:55.0077 3596        CLFS - ok
13:07:55.0199 3596        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:07:55.0209 3596        clr_optimization_v2.0.50727_32 - ok
13:07:55.0283 3596        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:07:55.0292 3596        clr_optimization_v2.0.50727_64 - ok
13:07:55.0368 3596        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:07:55.0379 3596        clr_optimization_v4.0.30319_32 - ok
13:07:55.0471 3596        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:07:55.0482 3596        clr_optimization_v4.0.30319_64 - ok
13:07:55.0556 3596        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:07:55.0557 3596        CmBatt - ok
13:07:55.0576 3596        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:07:55.0578 3596        cmdide - ok
13:07:55.0643 3596        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:07:55.0656 3596        CNG - ok
13:07:55.0691 3596        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:07:55.0692 3596        Compbatt - ok
13:07:55.0726 3596        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:07:55.0727 3596        CompositeBus - ok
13:07:55.0731 3596        COMSysApp - ok
13:07:55.0745 3596        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:07:55.0747 3596        crcdisk - ok
13:07:55.0787 3596        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:07:55.0789 3596        CryptSvc - ok
13:07:55.0865 3596        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:07:55.0873 3596        DcomLaunch - ok
13:07:55.0931 3596        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:07:55.0945 3596        defragsvc - ok
13:07:55.0977 3596        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:07:55.0979 3596        DfsC - ok
13:07:56.0014 3596        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:07:56.0028 3596        Dhcp - ok
13:07:56.0057 3596        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:07:56.0058 3596        discache - ok
13:07:56.0079 3596        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:07:56.0080 3596        Disk - ok
13:07:56.0132 3596        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:07:56.0140 3596        Dnscache - ok
13:07:56.0190 3596        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:07:56.0206 3596        dot3svc - ok
13:07:56.0268 3596        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:07:56.0278 3596        DPS - ok
13:07:56.0331 3596        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:07:56.0334 3596        drmkaud - ok
13:07:56.0386 3596        dtsoftbus01    (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:07:56.0401 3596        dtsoftbus01 - ok
13:07:56.0525 3596        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:07:56.0545 3596        DXGKrnl - ok
13:07:56.0585 3596        e2eVAWdm        (fec2c525df6838f3589529b549ab0a8e) C:\Windows\system32\DRIVERS\VAud_WDM.sys
13:07:56.0587 3596        e2eVAWdm - ok
13:07:56.0627 3596        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:07:56.0630 3596        EapHost - ok
13:07:56.0880 3596        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:07:56.0947 3596        ebdrv - ok
13:07:57.0080 3596        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:07:57.0082 3596        EFS - ok
13:07:57.0198 3596        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:07:57.0233 3596        ehRecvr - ok
13:07:57.0277 3596        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:07:57.0287 3596        ehSched - ok
13:07:57.0401 3596        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:07:57.0410 3596        elxstor - ok
13:07:57.0437 3596        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:07:57.0438 3596        ErrDev - ok
13:07:57.0526 3596        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:07:57.0531 3596        EventSystem - ok
13:07:57.0558 3596        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:07:57.0566 3596        exfat - ok
13:07:57.0594 3596        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:07:57.0602 3596        fastfat - ok
13:07:57.0694 3596        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:07:57.0714 3596        Fax - ok
13:07:57.0749 3596        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:07:57.0750 3596        fdc - ok
13:07:57.0771 3596        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:07:57.0773 3596        fdPHost - ok
13:07:57.0788 3596        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:07:57.0790 3596        FDResPub - ok
13:07:57.0814 3596        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:07:57.0816 3596        FileInfo - ok
13:07:58.0073 3596        FileMonitor    (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
13:07:58.0079 3596        FileMonitor - ok
13:07:58.0098 3596        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:07:58.0099 3596        Filetrace - ok
13:07:58.0217 3596        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:07:58.0237 3596        FLEXnet Licensing Service - ok
13:07:58.0285 3596        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:07:58.0286 3596        flpydisk - ok
13:07:58.0338 3596        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:07:58.0350 3596        FltMgr - ok
13:07:58.0462 3596        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:07:58.0477 3596        FontCache - ok
13:07:58.0605 3596        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:07:58.0613 3596        FontCache3.0.0.0 - ok
13:07:58.0660 3596        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:07:58.0661 3596        FsDepends - ok
13:07:58.0682 3596        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:07:58.0682 3596        Fs_Rec - ok
13:07:58.0730 3596        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:07:58.0733 3596        fvevol - ok
13:07:58.0750 3596        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:07:58.0751 3596        gagp30kx - ok
13:07:58.0844 3596        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:07:58.0864 3596        gpsvc - ok
13:07:58.0898 3596        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:07:58.0899 3596        hamachi - ok
13:07:58.0939 3596        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:07:58.0940 3596        hcw85cir - ok
13:07:58.0999 3596        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:07:59.0034 3596        HdAudAddService - ok
13:07:59.0081 3596        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:07:59.0083 3596        HDAudBus - ok
13:07:59.0088 3596        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:07:59.0090 3596        HidBatt - ok
13:07:59.0101 3596        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:07:59.0102 3596        HidBth - ok
13:07:59.0126 3596        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:07:59.0128 3596        HidIr - ok
13:07:59.0156 3596        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:07:59.0158 3596        hidserv - ok
13:07:59.0195 3596        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:07:59.0196 3596        HidUsb - ok
13:07:59.0274 3596        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:07:59.0277 3596        hkmsvc - ok
13:07:59.0331 3596        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:07:59.0370 3596        HomeGroupListener - ok
13:07:59.0431 3596        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:07:59.0439 3596        HomeGroupProvider - ok
13:07:59.0472 3596        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:07:59.0474 3596        HpSAMD - ok
13:07:59.0553 3596        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:07:59.0562 3596        HTTP - ok
13:07:59.0581 3596        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:07:59.0582 3596        hwpolicy - ok
13:07:59.0615 3596        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:07:59.0617 3596        i8042prt - ok
13:07:59.0674 3596        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:07:59.0692 3596        iaStorV - ok
13:07:59.0930 3596        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:07:59.0969 3596        idsvc - ok
13:08:00.0006 3596        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:08:00.0007 3596        iirsp - ok
13:08:00.0094 3596        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:08:00.0116 3596        IKEEXT - ok
13:08:00.0305 3596        IMFservice      (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
13:08:00.0328 3596        IMFservice - ok
13:08:00.0689 3596        IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
13:08:00.0777 3596        IntcAzAudAddService - ok
13:08:00.0914 3596        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:08:00.0915 3596        intelide - ok
13:08:00.0953 3596        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:08:00.0955 3596        intelppm - ok
13:08:01.0008 3596        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:08:01.0010 3596        IPBusEnum - ok
13:08:01.0044 3596        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:08:01.0045 3596        IpFilterDriver - ok
13:08:01.0151 3596        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:08:01.0194 3596        iphlpsvc - ok
13:08:01.0234 3596        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:08:01.0235 3596        IPMIDRV - ok
13:08:01.0273 3596        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:08:01.0285 3596        IPNAT - ok
13:08:01.0326 3596        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:08:01.0327 3596        IRENUM - ok
13:08:01.0371 3596        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:08:01.0372 3596        isapnp - ok
13:08:01.0426 3596        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:08:01.0440 3596        iScsiPrt - ok
13:08:01.0514 3596        JMCR            (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
13:08:01.0516 3596        JMCR - ok
13:08:01.0557 3596        JME            (8adaafcd2b8c259debf6c8dfd9727889) C:\Windows\system32\DRIVERS\JME.sys
13:08:01.0559 3596        JME - ok
13:08:01.0611 3596        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:08:01.0612 3596        kbdclass - ok
13:08:01.0646 3596        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:08:01.0647 3596        kbdhid - ok
13:08:01.0679 3596        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:01.0681 3596        KeyIso - ok
13:08:01.0702 3596        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:08:01.0704 3596        KSecDD - ok
13:08:01.0729 3596        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:08:01.0739 3596        KSecPkg - ok
13:08:01.0766 3596        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:08:01.0767 3596        ksthunk - ok
13:08:01.0827 3596        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:08:01.0833 3596        KtmRm - ok
13:08:01.0895 3596        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:08:01.0911 3596        LanmanServer - ok
13:08:01.0958 3596        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:08:01.0962 3596        LanmanWorkstation - ok
13:08:01.0990 3596        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:08:01.0992 3596        lltdio - ok
13:08:02.0054 3596        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:08:02.0068 3596        lltdsvc - ok
13:08:02.0084 3596        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:08:02.0086 3596        lmhosts - ok
13:08:02.0109 3596        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:08:02.0111 3596        LSI_FC - ok
13:08:02.0140 3596        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:08:02.0141 3596        LSI_SAS - ok
13:08:02.0150 3596        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:08:02.0152 3596        LSI_SAS2 - ok
13:08:02.0165 3596        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:08:02.0167 3596        LSI_SCSI - ok
13:08:02.0192 3596        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:08:02.0194 3596        luafv - ok
13:08:02.0222 3596        massfilter      (1b4dbcaa0321bbb76255983148051f09) C:\Windows\system32\drivers\massfilter.sys
13:08:02.0223 3596        massfilter - ok
13:08:02.0270 3596        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:08:02.0271 3596        MBAMProtector - ok
13:08:02.0419 3596        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:08:02.0448 3596        MBAMService - ok
13:08:02.0499 3596        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:08:02.0502 3596        Mcx2Svc - ok
13:08:02.0607 3596        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:08:02.0621 3596        MDM - ok
13:08:02.0658 3596        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:08:02.0660 3596        megasas - ok
13:08:02.0685 3596        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:08:02.0689 3596        MegaSR - ok
13:08:02.0742 3596        Microsoft SharePoint Workspace Audit Service - ok
13:08:02.0776 3596        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:08:02.0778 3596        MMCSS - ok
13:08:02.0797 3596        mmfo - ok
13:08:02.0833 3596        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:08:02.0834 3596        Modem - ok
13:08:02.0855 3596        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:08:02.0856 3596        monitor - ok
13:08:02.0943 3596        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:08:02.0944 3596        mouclass - ok
13:08:02.0975 3596        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:08:02.0976 3596        mouhid - ok
13:08:03.0008 3596        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:08:03.0010 3596        mountmgr - ok
13:08:03.0078 3596        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:08:03.0090 3596        MozillaMaintenance - ok
13:08:03.0132 3596        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:08:03.0142 3596        mpio - ok
13:08:03.0176 3596        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:08:03.0179 3596        mpsdrv - ok
13:08:03.0334 3596        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:08:03.0387 3596        MpsSvc - ok
13:08:03.0431 3596        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:08:03.0433 3596        MRxDAV - ok
13:08:03.0484 3596        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:08:03.0493 3596        mrxsmb - ok
13:08:03.0538 3596        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:08:03.0550 3596        mrxsmb10 - ok
13:08:03.0579 3596        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:08:03.0581 3596        mrxsmb20 - ok
13:08:03.0611 3596        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:08:03.0613 3596        msahci - ok
13:08:03.0658 3596        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:08:03.0660 3596        msdsm - ok
13:08:03.0737 3596        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:08:03.0740 3596        MSDTC - ok
13:08:03.0783 3596        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:08:03.0784 3596        Msfs - ok
13:08:03.0804 3596        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:08:03.0805 3596        mshidkmdf - ok
13:08:03.0832 3596        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:08:03.0833 3596        msisadrv - ok
13:08:03.0876 3596        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:08:03.0886 3596        MSiSCSI - ok
13:08:03.0890 3596        msiserver - ok
13:08:03.0905 3596        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:08:03.0906 3596        MSKSSRV - ok
13:08:03.0911 3596        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:08:03.0912 3596        MSPCLOCK - ok
13:08:03.0917 3596        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:08:03.0918 3596        MSPQM - ok
13:08:03.0983 3596        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:08:03.0992 3596        MsRPC - ok
13:08:04.0020 3596        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:08:04.0022 3596        mssmbios - ok
13:08:04.0059 3596        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:08:04.0060 3596        MSTEE - ok
13:08:04.0065 3596        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:08:04.0067 3596        MTConfig - ok
13:08:04.0107 3596        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:08:04.0108 3596        MTsensor - ok
13:08:04.0132 3596        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:08:04.0134 3596        Mup - ok
13:08:04.0241 3596        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:08:04.0251 3596        napagent - ok
13:08:04.0305 3596        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:08:04.0317 3596        NativeWifiP - ok
13:08:04.0417 3596        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:08:04.0428 3596        NDIS - ok
13:08:04.0458 3596        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:08:04.0460 3596        NdisCap - ok
13:08:04.0470 3596        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:08:04.0471 3596        NdisTapi - ok
13:08:04.0494 3596        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:08:04.0495 3596        Ndisuio - ok
13:08:04.0529 3596        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:08:04.0538 3596        NdisWan - ok
13:08:04.0565 3596        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:08:04.0566 3596        NDProxy - ok
13:08:04.0587 3596        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:08:04.0588 3596        NetBIOS - ok
13:08:04.0657 3596        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:08:04.0661 3596        NetBT - ok
13:08:04.0690 3596        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:04.0692 3596        Netlogon - ok
13:08:04.0746 3596        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:08:04.0752 3596        Netman - ok
13:08:04.0862 3596        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:04.0875 3596        NetMsmqActivator - ok
13:08:04.0879 3596        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:04.0881 3596        NetPipeActivator - ok
13:08:04.0956 3596        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:08:04.0970 3596        netprofm - ok
13:08:04.0987 3596        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:04.0989 3596        NetTcpActivator - ok
13:08:04.0994 3596        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:08:04.0995 3596        NetTcpPortSharing - ok
13:08:05.0044 3596        nfccu - ok
13:08:05.0088 3596        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:08:05.0089 3596        nfrd960 - ok
13:08:05.0162 3596        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:08:05.0198 3596        NlaSvc - ok
13:08:05.0282 3596        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:08:05.0284 3596        Npfs - ok
13:08:05.0321 3596        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:08:05.0324 3596        nsi - ok
13:08:05.0357 3596        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:08:05.0357 3596        nsiproxy - ok
13:08:05.0555 3596        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:08:05.0598 3596        Ntfs - ok
13:08:05.0767 3596        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:08:05.0769 3596        Null - ok
13:08:05.0812 3596        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:08:05.0814 3596        nvraid - ok
13:08:05.0862 3596        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:08:05.0871 3596        nvstor - ok
13:08:05.0935 3596        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:08:05.0937 3596        nv_agp - ok
13:08:05.0973 3596        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:08:05.0974 3596        ohci1394 - ok
13:08:06.0076 3596        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:08:06.0086 3596        ose - ok
13:08:06.0565 3596        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:08:06.0831 3596        osppsvc - ok
13:08:06.0982 3596        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:08:06.0994 3596        p2pimsvc - ok
13:08:07.0042 3596        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:08:07.0056 3596        p2psvc - ok
13:08:07.0148 3596        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:08:07.0150 3596        Parport - ok
13:08:07.0183 3596        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:08:07.0184 3596        partmgr - ok
13:08:07.0223 3596        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:08:07.0227 3596        PcaSvc - ok
13:08:07.0275 3596        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:08:07.0277 3596        pci - ok
13:08:07.0318 3596        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:08:07.0319 3596        pciide - ok
13:08:07.0390 3596        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:08:07.0429 3596        pcmcia - ok
13:08:07.0467 3596        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:08:07.0469 3596        pcw - ok
13:08:07.0534 3596        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:08:07.0580 3596        PEAUTH - ok
13:08:07.0758 3596        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:08:07.0765 3596        PerfHost - ok
13:08:08.0019 3596        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:08:08.0049 3596        pla - ok
13:08:08.0123 3596        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:08:08.0140 3596        PlugPlay - ok
13:08:08.0145 3596        PnkBstrA - ok
13:08:08.0182 3596        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:08:08.0185 3596        PNRPAutoReg - ok
13:08:08.0228 3596        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:08:08.0232 3596        PNRPsvc - ok
13:08:08.0301 3596        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:08:08.0324 3596        PolicyAgent - ok
13:08:08.0372 3596        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:08:08.0381 3596        Power - ok
13:08:08.0460 3596        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:08:08.0462 3596        PptpMiniport - ok
13:08:08.0492 3596        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:08:08.0493 3596        Processor - ok
13:08:08.0546 3596        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:08:08.0553 3596        ProfSvc - ok
13:08:08.0580 3596        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:08.0582 3596        ProtectedStorage - ok
13:08:08.0612 3596        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:08:08.0613 3596        Psched - ok
13:08:08.0638 3596        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:08:08.0640 3596        PxHlpa64 - ok
13:08:08.0775 3596        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:08:08.0813 3596        ql2300 - ok
13:08:09.0074 3596        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:08:09.0076 3596        ql40xx - ok
13:08:09.0133 3596        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:08:09.0173 3596        QWAVE - ok
13:08:09.0221 3596        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:08:09.0222 3596        QWAVEdrv - ok
13:08:09.0244 3596        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:08:09.0246 3596        RasAcd - ok
13:08:09.0284 3596        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:08:09.0285 3596        RasAgileVpn - ok
13:08:09.0315 3596        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:08:09.0319 3596        RasAuto - ok
13:08:09.0358 3596        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:08:09.0360 3596        Rasl2tp - ok
13:08:09.0405 3596        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:08:09.0416 3596        RasMan - ok
13:08:09.0467 3596        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:08:09.0469 3596        RasPppoe - ok
13:08:09.0505 3596        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:08:09.0507 3596        RasSstp - ok
13:08:09.0556 3596        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:08:09.0567 3596        rdbss - ok
13:08:09.0579 3596        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:08:09.0581 3596        rdpbus - ok
13:08:09.0594 3596        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:08:09.0596 3596        RDPCDD - ok
13:08:09.0618 3596        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:08:09.0619 3596        RDPENCDD - ok
13:08:09.0632 3596        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:08:09.0634 3596        RDPREFMP - ok
13:08:09.0683 3596        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:08:09.0686 3596        RDPWD - ok
13:08:09.0740 3596        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:08:09.0745 3596        rdyboost - ok
13:08:09.0897 3596        RegFilter      (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
13:08:09.0898 3596        RegFilter - ok
13:08:09.0967 3596        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:08:09.0970 3596        RemoteAccess - ok
13:08:10.0011 3596        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:08:10.0015 3596        RemoteRegistry - ok
13:08:10.0042 3596        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:08:10.0045 3596        RpcEptMapper - ok
13:08:10.0076 3596        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:08:10.0078 3596        RpcLocator - ok
13:08:10.0151 3596        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:08:10.0157 3596        RpcSs - ok
13:08:10.0196 3596        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:08:10.0197 3596        rspndr - ok
13:08:10.0224 3596        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:10.0226 3596        SamSs - ok
13:08:10.0267 3596        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:08:10.0269 3596        sbp2port - ok
13:08:10.0321 3596        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:08:10.0328 3596        SCardSvr - ok
13:08:10.0370 3596        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:08:10.0372 3596        scfilter - ok
13:08:10.0494 3596        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:08:10.0507 3596        Schedule - ok
13:08:10.0529 3596        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:08:10.0530 3596        SCPolicySvc - ok
13:08:10.0567 3596        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:08:10.0569 3596        sdbus - ok
13:08:10.0610 3596        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:08:10.0620 3596        SDRSVC - ok
13:08:10.0671 3596        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:08:10.0672 3596        secdrv - ok
13:08:10.0721 3596        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:08:10.0724 3596        seclogon - ok
13:08:10.0763 3596        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:08:10.0766 3596        SENS - ok
13:08:10.0790 3596        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:08:10.0793 3596        SensrSvc - ok
13:08:10.0812 3596        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:08:10.0814 3596        Serenum - ok
13:08:10.0851 3596        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:08:10.0853 3596        Serial - ok
13:08:10.0880 3596        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:08:10.0881 3596        sermouse - ok
13:08:10.0918 3596        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:08:10.0922 3596        SessionEnv - ok
13:08:10.0962 3596        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:08:10.0963 3596        sffdisk - ok
13:08:10.0996 3596        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:08:10.0997 3596        sffp_mmc - ok
13:08:11.0008 3596        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:08:11.0010 3596        sffp_sd - ok
13:08:11.0040 3596        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:08:11.0041 3596        sfloppy - ok
13:08:11.0147 3596        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:08:11.0188 3596        SharedAccess - ok
13:08:11.0284 3596        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:08:11.0289 3596        ShellHWDetection - ok
13:08:11.0325 3596        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:08:11.0326 3596        SiSRaid2 - ok
13:08:11.0346 3596        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:08:11.0348 3596        SiSRaid4 - ok
13:08:11.0448 3596        SkypeUpdate    (9bac4f095b1e802268b33e4c8ba57256) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:08:11.0521 3596        SkypeUpdate - ok
13:08:11.0588 3596        SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
13:08:11.0590 3596        SmartDefragDriver - ok
13:08:11.0628 3596        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:08:11.0630 3596        Smb - ok
13:08:11.0674 3596        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:08:11.0677 3596        SNMPTRAP - ok
13:08:11.0839 3596        SNP2UVC        (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:08:11.0877 3596        SNP2UVC - ok
13:08:12.0002 3596        Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
13:08:12.0025 3596        Sony Ericsson PCCompanion - ok
13:08:12.0182 3596        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:08:12.0183 3596        spldr - ok
13:08:12.0269 3596        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:08:12.0277 3596        Spooler - ok
13:08:12.0558 3596        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:08:12.0637 3596        sppsvc - ok
13:08:12.0769 3596        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:08:12.0772 3596        sppuinotify - ok
13:08:12.0788 3596        sptd - ok
13:08:12.0869 3596        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:08:12.0881 3596        srv - ok
13:08:12.0935 3596        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:08:12.0940 3596        srv2 - ok
13:08:12.0965 3596        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:08:12.0974 3596        srvnet - ok
13:08:13.0033 3596        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:08:13.0038 3596        SSDPSRV - ok
13:08:13.0062 3596        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:08:13.0066 3596        SstpSvc - ok
13:08:13.0088 3596        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:08:13.0088 3596        stexstor - ok
13:08:13.0169 3596        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:08:13.0195 3596        stisvc - ok
13:08:13.0222 3596        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:08:13.0223 3596        swenum - ok
13:08:13.0382 3596        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:08:13.0401 3596        SwitchBoard - ok
13:08:13.0498 3596        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:08:13.0507 3596        swprv - ok
13:08:13.0678 3596        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:08:13.0711 3596        SysMain - ok
13:08:13.0842 3596        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:08:13.0845 3596        TabletInputService - ok
13:08:13.0921 3596        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:08:13.0926 3596        TapiSrv - ok
13:08:13.0969 3596        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:08:13.0972 3596        TBS - ok
13:08:14.0211 3596        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:08:14.0248 3596        Tcpip - ok
13:08:14.0530 3596        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:08:14.0545 3596        TCPIP6 - ok
13:08:14.0662 3596        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:08:14.0664 3596        tcpipreg - ok
13:08:14.0704 3596        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:08:14.0705 3596        TDPIPE - ok
13:08:14.0744 3596        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:08:14.0745 3596        TDTCP - ok
13:08:14.0781 3596        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:08:14.0783 3596        tdx - ok
13:08:14.0817 3596        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:08:14.0818 3596        teamviewervpn - ok
13:08:14.0869 3596        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:08:14.0870 3596        TermDD - ok
13:08:14.0958 3596        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:08:14.0967 3596        TermService - ok
13:08:15.0003 3596        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:08:15.0006 3596        Themes - ok
13:08:15.0042 3596        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:08:15.0045 3596        THREADORDER - ok
13:08:15.0069 3596        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:08:15.0072 3596        TrkWks - ok
13:08:15.0143 3596        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:08:15.0158 3596        TrustedInstaller - ok
13:08:15.0233 3596        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:08:15.0235 3596        tssecsrv - ok
13:08:15.0256 3596        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:08:15.0258 3596        TsUsbFlt - ok
13:08:15.0302 3596        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:08:15.0304 3596        tunnel - ok
13:08:15.0344 3596        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:08:15.0345 3596        uagp35 - ok
13:08:15.0387 3596        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:08:15.0396 3596        udfs - ok
13:08:15.0445 3596        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:08:15.0448 3596        UI0Detect - ok
13:08:15.0486 3596        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:08:15.0488 3596        uliagpkx - ok
13:08:15.0504 3596        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:08:15.0506 3596        umbus - ok
13:08:15.0536 3596        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:08:15.0538 3596        UmPass - ok
13:08:15.0584 3596        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:08:15.0593 3596        upnphost - ok
13:08:15.0706 3596        UrlFilter      (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
13:08:15.0707 3596        UrlFilter - ok
13:08:15.0745 3596        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:08:15.0746 3596        usbccgp - ok
13:08:15.0802 3596        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:08:15.0804 3596        usbcir - ok
13:08:15.0832 3596        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:08:15.0833 3596        usbehci - ok
13:08:15.0896 3596        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:08:15.0906 3596        usbhub - ok
13:08:15.0935 3596        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:08:15.0936 3596        usbohci - ok
13:08:15.0969 3596        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:08:15.0970 3596        usbprint - ok
13:08:15.0997 3596        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:08:15.0998 3596        usbscan - ok
13:08:16.0021 3596        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:08:16.0022 3596        USBSTOR - ok
13:08:16.0054 3596        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:08:16.0056 3596        usbuhci - ok
13:08:16.0100 3596        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:08:16.0103 3596        usbvideo - ok
13:08:16.0137 3596        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:08:16.0141 3596        UxSms - ok
13:08:16.0282 3596        VASDeviceDrm    (27542d7e24442eb79e459771ce256045) C:\Windows\system32\drivers\vasdDev.sys
13:08:16.0323 3596        VASDeviceDrm - ok
13:08:16.0446 3596        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:08:16.0447 3596        VaultSvc - ok
13:08:16.0517 3596        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:08:16.0519 3596        vdrvroot - ok
13:08:16.0603 3596        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:08:16.0622 3596        vds - ok
13:08:16.0685 3596        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:08:16.0686 3596        vga - ok
13:08:16.0703 3596        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:08:16.0704 3596        VgaSave - ok
13:08:16.0751 3596        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:08:16.0757 3596        vhdmp - ok
13:08:16.0791 3596        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:08:16.0813 3596        viaide - ok
13:08:16.0837 3596        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:08:16.0838 3596        volmgr - ok
13:08:16.0894 3596        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:08:16.0898 3596        volmgrx - ok
13:08:16.0937 3596        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:08:16.0949 3596        volsnap - ok
13:08:16.0991 3596        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:08:16.0993 3596        vsmraid - ok
13:08:17.0134 3596        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:08:17.0210 3596        VSS - ok
13:08:17.0392 3596        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:08:17.0393 3596        vwifibus - ok
13:08:17.0420 3596        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:08:17.0422 3596        vwififlt - ok
13:08:17.0438 3596        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:08:17.0440 3596        vwifimp - ok
13:08:17.0503 3596        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:08:17.0521 3596        W32Time - ok
13:08:17.0538 3596        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:08:17.0539 3596        WacomPen - ok
13:08:17.0569 3596        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:17.0571 3596        WANARP - ok
13:08:17.0575 3596        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:08:17.0576 3596        Wanarpv6 - ok
13:08:17.0713 3596        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:08:17.0797 3596        WatAdminSvc - ok
13:08:17.0957 3596        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:08:17.0994 3596        wbengine - ok
13:08:18.0122 3596        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:08:18.0127 3596        WbioSrvc - ok
13:08:18.0183 3596        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:08:18.0191 3596        wcncsvc - ok
13:08:18.0211 3596        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:08:18.0214 3596        WcsPlugInService - ok
13:08:18.0287 3596        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:08:18.0288 3596        Wd - ok
13:08:18.0351 3596        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:08:18.0375 3596        Wdf01000 - ok
13:08:18.0413 3596        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:08:18.0417 3596        WdiServiceHost - ok
13:08:18.0421 3596        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:08:18.0424 3596        WdiSystemHost - ok
13:08:18.0480 3596        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:08:18.0495 3596        WebClient - ok
13:08:18.0550 3596        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:08:18.0567 3596        Wecsvc - ok
13:08:18.0595 3596        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:08:18.0599 3596        wercplsupport - ok
13:08:18.0625 3596        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:08:18.0628 3596        WerSvc - ok
13:08:18.0786 3596        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:08:18.0787 3596        WfpLwf - ok
13:08:18.0803 3596        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:08:18.0804 3596        WIMMount - ok
13:08:18.0850 3596        WinDefend - ok
13:08:18.0862 3596        WinHttpAutoProxySvc - ok
13:08:18.0945 3596        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:08:18.0955 3596        Winmgmt - ok
13:08:19.0142 3596        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:08:19.0212 3596        WinRM - ok
13:08:19.0364 3596        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:08:19.0366 3596        WinUsb - ok
13:08:19.0464 3596        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:08:19.0482 3596        Wlansvc - ok
13:08:19.0861 3596        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:08:19.0938 3596        wlidsvc - ok
13:08:20.0087 3596        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:08:20.0088 3596        WmiAcpi - ok
13:08:20.0175 3596        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:08:20.0190 3596        wmiApSrv - ok
13:08:20.0224 3596        WMPNetworkSvc - ok
13:08:20.0289 3596        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:08:20.0292 3596        WPCSvc - ok
13:08:20.0327 3596        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:08:20.0331 3596        WPDBusEnum - ok
13:08:20.0355 3596        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:08:20.0357 3596        ws2ifsl - ok
13:08:20.0409 3596        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:08:20.0413 3596        wscsvc - ok
13:08:20.0419 3596        WSearch - ok
13:08:20.0508 3596        WTGService      (86293b6785260309606b0b0b46e42252) C:\Program Files (x86)\3DataManager\WTGService.exe
13:08:20.0544 3596        WTGService - ok
13:08:20.0742 3596        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:08:20.0795 3596        wuauserv - ok
13:08:20.0956 3596        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:08:20.0958 3596        WudfPf - ok
13:08:20.0991 3596        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:08:20.0999 3596        WUDFRd - ok
13:08:21.0018 3596        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:08:21.0022 3596        wudfsvc - ok
13:08:21.0086 3596        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:08:21.0104 3596        WwanSvc - ok
13:08:21.0147 3596        ZTEusbmdm6k    (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:08:21.0149 3596        ZTEusbmdm6k - ok
13:08:21.0192 3596        ZTEusbnmea      (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:08:21.0194 3596        ZTEusbnmea - ok
13:08:21.0244 3596        ZTEusbser6k    (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:08:21.0246 3596        ZTEusbser6k - ok
13:08:21.0268 3596        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:08:21.0739 3596        \Device\Harddisk0\DR0 - ok
13:08:21.0776 3596        Boot (0x1200)  (44fec4c97a8c695271e41986e9ca1921) \Device\Harddisk0\DR0\Partition0
13:08:21.0778 3596        \Device\Harddisk0\DR0\Partition0 - ok
13:08:21.0799 3596        Boot (0x1200)  (2b41c8864f2a7a3dd0b7076f1c6f3244) \Device\Harddisk0\DR0\Partition1
13:08:21.0801 3596        \Device\Harddisk0\DR0\Partition1 - ok
13:08:21.0802 3596        ============================================================
13:08:21.0802 3596        Scan finished
13:08:21.0802 3596        ============================================================
13:08:21.0814 3988        Detected object count: 1
13:08:21.0814 3988        Actual detected object count: 1
13:08:38.0139 3988        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:08:38.0139 3988        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

What is Akamai anyway? :confused:

Anyway, aswMBR froze on me; I tried it again and it froze again (during the scan). I'm trying it once more now.

Jojo95 27.05.2012 12:22

No, it froze again. I can't finish a scan with it, what now?

Psychotic 27.05.2012 12:39

When the program starts, decline the scan with avast! signatures and scan again.

Jojo95 27.05.2012 12:46

It doesn't ask at all anymore.
It only asked on the very first start of the program whether I wanted to download the latest Avast signatures, and I accepted. Now, no matter when I open it, it no longer asks but immediately says the signatures are loaded...

// I've now cleaned with Crap Cleaner and tried again. This time it asked and I clicked No. Now it's scanning ... let's see whether it freezes this time.

aswMBR.txt

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-27 13:47:28
-----------------------------
13:47:28.987    OS Version: Windows x64 6.1.7601 Service Pack 1
13:47:28.987    Number of processors: 4 586 0x503
13:47:28.988    ComputerName: JOHN-PC  UserName: John
13:47:34.836    Initialize success
13:48:38.764    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:48:38.766    Disk 0 Vendor: WDC_WD6400BEVT-80A0RT0 01.01A01 Size: 610480MB BusType: 11
13:48:38.848    Disk 0 MBR read successfully
13:48:38.849    Disk 0 MBR scan
13:48:38.852    Disk 0 Windows 7 default MBR code
13:48:38.855    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
13:48:38.874    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      152617 MB offset 40965750
13:48:38.876    Disk 0 Partition - 00    0F Extended LBA            437858 MB offset 353527808
13:48:38.908    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      437857 MB offset 353529856
13:48:38.992    Disk 0 scanning C:\Windows\system32\drivers
13:48:50.812    Service scanning
13:49:27.659    Modules scanning
13:49:27.659    Disk 0 trace - called modules:
13:49:27.687    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:49:27.687    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fec060]
13:49:27.687    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004dad060]
13:49:27.688    Scan finished successfully
13:54:03.186    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
13:54:03.190    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"


Psychotic 27.05.2012 13:54

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Jojo95 27.05.2012 14:29

Dear Marius,
you didn't answer my question earlier. Was the CKScanner result already fine?

Anyway, here is the ComboFix log, and I would like to know how things look with all these log files. Are they all clean, or could you still find something? What about this Akamai? Is it harmless, or should I delete it? Please give me a few answers ... we could spend the whole day just creating log files and trying out various programs, but what is the situation now?!

Code:

ComboFix 12-05-27.01 - John 27.05.2012  15:14:38.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2388 [GMT 2:00]
ausgeführt von:: c:\users\John\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-27 bis 2012-05-27  ))))))))))))))))))))))))))))))
.
.
2012-05-27 13:22 . 2012-05-27 13:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-27 10:36 . 2012-05-27 10:36        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll
2012-05-26 12:00 . 2012-05-26 12:00        61440        ----a-w-        c:\windows\SysWow64\drivers\ukmzyzk.sys
2012-05-26 11:48 . 2012-05-26 11:48        61440        ----a-w-        c:\windows\SysWow64\drivers\aaxblh.sys
2012-05-25 11:44 . 2012-05-14 23:41        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll
2012-05-20 17:37 . 2012-02-23 08:18        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-19 19:36 . 2012-05-19 19:36        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-05-18 16:41 . 2012-05-18 16:47        --------        d-----w-        c:\users\John\.yawcam
2012-05-11 18:31 . 2012-05-11 18:31        --------        d-----w-        c:\users\John\AppData\Local\SplitMediaLabs
2012-05-10 18:54 . 2012-05-10 18:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-10 16:33 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-10 16:33 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-10 16:33 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 16:33 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 16:33 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:33 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 16:32 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 16:32 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 16:32 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 16:32 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 16:32 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:32 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 16:32 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 17:05 . 2012-05-02 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 17:05 . 2012-05-02 17:05        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 17:05 . 2012-05-02 17:05        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 16:29 . 2011-10-16 17:07        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 16:29 . 2011-10-16 17:07        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 17:04 . 2012-04-02 10:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:04 . 2011-05-29 11:38        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:04 . 2012-04-02 11:04        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 14:29 . 2011-07-17 12:51        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-04-04 13:56 . 2011-06-11 18:02        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-25 09:14 . 2012-03-25 09:13        937506065        ----a-w-        C:\FTP-Backup_AllSites_15.03.2012.zip
2012-03-21 12:30 . 2012-03-21 12:31        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-13 17:51 . 2012-03-13 17:51        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:51 . 2012-03-13 17:51        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 17:51 . 2012-03-13 17:51        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:50 . 2012-03-13 17:50        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:50 . 2012-03-13 17:50        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:50 . 2012-03-13 17:50        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:50 . 2012-03-13 17:50        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-01 06:46 . 2012-04-12 17:11        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 17:11        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 17:11        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 17:11        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 17:11        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 17:20        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 17:20        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 17:20        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 17:20        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 17:20        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 17:20        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80206027
*NewlyCreated* - 95898358
*NewlyCreated* - ASWMBR
*Deregistered* - 80206027
*Deregistered* - 95898358
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04]
.
2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
2012-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
  57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
.
[HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-27  15:26:00
ComboFix-quarantined-files.txt  2012-05-27 13:25
ComboFix2.txt  2012-05-26 12:30
.
Vor Suchlauf: 10 Verzeichnis(se), 76.922.966.016 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 76.845.314.048 Bytes frei
.
- - End Of File - - 0CEBC36C65C3E179E05DB09646937C4B


Psychotic 27.05.2012 18:24

Ckscan was fine. :)

And one thing I can say for certain so far: the system is not fine!
To say anything precise, we need to continue a bit further...


VirusTotal check


Please have the file from the code box checked at VirusTotal.
  • Click on Browse
  • Now copy the following into the search bar.
    Code:

    c:\windows\SysWow64\drivers\aaxblh.sys
  • and click on Open.
  • Click on Send File.
Please wait until the file has been uploaded completely. Should you get the following message:
Quote:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: shows Finished. Copy the link from your address bar and post it here. Repeat the same steps with the following files.
Code:

c:\windows\SysWow64\drivers\ukmzyzk.sys
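
The two driver files named above are the R0 (boot-start) entries in the ComboFix run of 27.05 posted later in this thread; the run of 26.05 above has no R0 entries at all. One systematic way to surface such entries is to diff the service/driver section of two ComboFix runs and to read the start type together with what else the log says about the machine, here the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are 0 in both runs). The following is an added Python example written for this thread; it is not a tool of the forum, of ComboFix or of the helper, and the log excerpts inside it are copied from the logs in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One ComboFix service/driver line, e.g.
#   R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
#   S2 MBAMService;MBAMService;c:\program files (x86)\...\mbamservice.exe [2012-04-04 654408]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)
# One value line from the policies\system block, e.g.   "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<key>[A-Za-z]+)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)\s*$')

# Policy values that switch UAC off or weaken it.
WEAK_UAC = {
    "EnableLUA": 0,                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": 0,  # administrators elevate without any prompt
    "PromptOnSecureDesktop": 0,       # prompts, if any, are not shown on the secure desktop
}


@dataclass(frozen=True)
class ServiceEntry:
    state: str    # R = running / S = stopped, digit = start type (0 = boot start)
    name: str
    display: str
    path: str
    info: str     # "date size", or "x" when ComboFix could not read the file


def parse_services(log_text: str) -> dict[str, ServiceEntry]:
    """Service/driver entries of a ComboFix log, keyed by service name."""
    entries: dict[str, ServiceEntry] = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = ServiceEntry(**m.groupdict())
            entries[entry.name] = entry
    return entries


def new_services(old_log: str, new_log: str) -> list[ServiceEntry]:
    """Entries present in the newer run but absent from the older one."""
    old, new = parse_services(old_log), parse_services(new_log)
    return [new[name] for name in sorted(new) if name not in old]


def running_boot_drivers_without_metadata(log_text: str) -> list[ServiceEntry]:
    """R0 entries whose file ComboFix could not stat ([x]).

    [x] on its own is not an indicator: several legitimate drivers in the
    thread's logs show it. Boot start plus [x] plus 'appeared since the last
    run' is what justifies a VirusTotal check of the file."""
    return [e for e in parse_services(log_text).values()
            if e.state == "R0" and e.info == "x"]


def uac_findings(log_text: str) -> dict[str, int]:
    """UAC policy values in the log that match a weak setting."""
    found: dict[str, int] = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m and m["key"] in WEAK_UAC and int(m["value"]) == WEAK_UAC[m["key"]]:
            found[m["key"]] = int(m["value"])
    return found


# Excerpts copied from the two ComboFix logs in this thread (26.05 and 27.05 runs).
LOG_26_05 = r"""
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
"""

LOG_27_05 = r"""
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\windows\system32\drivers\aaxblh.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
"""

if __name__ == "__main__":
    for e in new_services(LOG_26_05, LOG_27_05):
        print(f"new since last run: {e.state} {e.name} -> {e.path} [{e.info}]")
    for e in running_boot_drivers_without_metadata(LOG_27_05):
        print(f"boot-start driver without readable file metadata: {e.path}")
    for key, value in uac_findings(LOG_27_05).items():
        print(f"weak UAC setting: {key} = {value}")
```

Run against the two excerpts, the diff reports exactly the two services mmfo and nfccu, and the UAC check reports the three zeroed policy values; the legitimate S0 drivers with [x] are not reported because they are neither new nor running at boot start.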

Jojo95 27.05.2012 18:37

I noticed these files myself too, and I already had them scanned at VirusTotal once, about 4 days ago. And back then the result was the same as now:

5 scanners raise an alarm; what is striking is that they report exactly the same "infections" and that it is exactly the same scanners for both files. I suppose this is a new piece of malware? But the strange thing is that apparently nothing on the system uses these files, because I can simply move them, e.g. move them to the recycle bin and delete them. I have now packed them into an archive, moved it to my desktop and removed the original files; let's see whether there are any side effects.

Here is the link:
https://www.virustotal.com/file/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae/analysis/1338140033/

https://www.virustotal.com/file/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae/analysis/1338140794/

// Apparently both files are part of the Avenger by Swandog? My friend wanted to run it to delete the Desktop.ini's, but the Avenger did not work at the time.

You say the system is not fine, now I am worried. Should I not have let him near the PC after all? Should I reinstall?
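
The two links in the post above carry the same 64-hex-digit segment after /file/, which in this link form is the SHA-256 of the uploaded content, so VirusTotal saw identical bytes for both uploads. Computing the SHA-256 locally before uploading lets you check that yourself and look up an existing report without re-uploading. The following is an added Python example, not part of the thread or of any tool mentioned in it; the sample bytes are constructed (the real driver files are not reproduced here), and the URL form is taken from the links in the post above.

```python
from __future__ import annotations

import hashlib
import os
import re
import tempfile

# Form of the permalinks posted in this thread: the 64 hex digits after /file/ are the
# SHA-256 of the uploaded content, the number after /analysis/ the Unix time of that scan.
VT_FILE_URL_RE = re.compile(
    r"^https://www\.virustotal\.com/file/(?P<sha256>[0-9a-f]{64})/analysis/(?P<ts>\d+)/?$"
)

# The two links from the post above (copied from the thread).
THREAD_LINKS = [
    "https://www.virustotal.com/file/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae/analysis/1338140033/",
    "https://www.virustotal.com/file/03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae/analysis/1338140794/",
]

# Constructed sample contents (NOT the real driver files): two identical byte strings
# and one empty file, so the outcome of the comparison is known in advance.
SAMPLE_FILES = {
    "aaxblh.sys": b"abc",
    "ukmzyzk.sys": b"abc",
    "unrelated.sys": b"",
}


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file from disk in chunks, so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def vt_report_url(sha256_hex: str) -> str:
    """Report link in the form used in this thread, without an analysis timestamp."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256_hex):
        raise ValueError("expected a lowercase hex SHA-256")
    return f"https://www.virustotal.com/file/{sha256_hex}/analysis/"


def hash_from_vt_url(url: str) -> str:
    """Extract the SHA-256 from a permalink of the form seen in the thread."""
    m = VT_FILE_URL_RE.match(url.strip())
    if not m:
        raise ValueError(f"not a VirusTotal file permalink: {url}")
    return m["sha256"]


def same_sample(urls) -> bool:
    """True when every link points at the same file content."""
    return len({hash_from_vt_url(u) for u in urls}) == 1


def hash_constructed_samples() -> dict[str, str]:
    """Write the constructed samples to a temporary directory and hash them from disk."""
    result: dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLE_FILES.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            result[name] = sha256_of_file(path)
    return result


if __name__ == "__main__":
    hashes = hash_constructed_samples()
    for name, h in hashes.items():
        print(f"{name}: {h}  {vt_report_url(h)}")
    print("identical content:", hashes["aaxblh.sys"] == hashes["ukmzyzk.sys"])
    print("thread links point at one sample:", same_sample(THREAD_LINKS))
```

The two constructed files hash identically, mirroring the two thread links, while the empty file gives the well-known SHA-256 of empty input; a hash that differs between two files is enough to know that two reports are needed.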

Psychotic 27.05.2012 20:03

TheAvenger is one of the most powerful tools we know. Without knowing exactly what you are doing, you should keep your hands off it!


Step 1: CF-Script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = 127.0.0.1:9421
CLEARJAVACACHE::

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily switch off your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to switch it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.



Step 2: MBAM full scan


Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click on Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan is finished, click on Show Results.
  • Make sure all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".



Step 3: ESET



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click on Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click on Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click on Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Psychotic 29.05.2012 09:48

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore not be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

Jojo95 29.05.2012 09:54

Quote:

The disappearance of the symptoms does not mean that your system is already clean
I am aware of that, and that is why I suggested formatting ...

I am scanning right now, but that simply takes many hours, because I have millions of files on it; scanning 330 GB just isn't that fast ...

I have the ComboFix log ready, and ESET is almost done, but Malwarebytes still needs longer ...

Code:

ComboFix 12-05-27.02 - John 27.05.2012  21:16:22.4.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2274 [GMT 2:00]
ausgeführt von:: c:\users\John\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\John\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-27 bis 2012-05-27  ))))))))))))))))))))))))))))))
.
.
2012-05-27 19:25 . 2012-05-27 19:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-27 10:36 . 2012-05-27 10:36        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\offreg.dll
2012-05-25 11:44 . 2012-05-14 23:41        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2097FEE-C836-4DC7-AD43-391F37D145E8}\mpengine.dll
2012-05-20 17:37 . 2012-02-23 08:18        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-19 19:36 . 2012-05-19 19:36        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-05-18 16:41 . 2012-05-18 16:47        --------        d-----w-        c:\users\John\.yawcam
2012-05-11 18:31 . 2012-05-11 18:31        --------        d-----w-        c:\users\John\AppData\Local\SplitMediaLabs
2012-05-10 18:54 . 2012-05-10 18:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-10 16:33 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-10 16:33 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-10 16:33 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 16:33 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 16:33 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:33 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 16:32 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 16:32 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 16:32 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 16:32 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 16:32 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:32 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 16:32 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 17:05 . 2012-05-02 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 17:05 . 2012-05-02 17:05        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 17:05 . 2012-05-02 17:05        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 16:29 . 2011-10-16 17:07        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 16:29 . 2011-10-16 17:07        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 17:04 . 2012-04-02 10:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:04 . 2011-05-29 11:38        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:04 . 2012-04-02 11:04        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 14:29 . 2011-07-17 12:51        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-04-04 13:56 . 2011-06-11 18:02        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-25 09:14 . 2012-03-25 09:13        937506065        ----a-w-        C:\FTP-Backup_AllSites_15.03.2012.zip
2012-03-21 12:30 . 2012-03-21 12:31        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-13 17:51 . 2012-03-13 17:51        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:51 . 2012-03-13 17:51        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 17:51 . 2012-03-13 17:51        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:50 . 2012-03-13 17:50        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:50 . 2012-03-13 17:50        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:50 . 2012-03-13 17:50        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:50 . 2012-03-13 17:50        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-01 06:46 . 2012-04-12 17:11        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 17:11        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 17:11        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 17:11        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 17:11        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 17:11        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 17:20        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 17:20        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 17:20        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 17:20        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 17:20        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 17:20        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 17:20        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          RegistryDefragBootTime.exe\0autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\windows\system32\drivers\aaxblh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80206027
*NewlyCreated* - 95898358
*NewlyCreated* - ASWMBR
*Deregistered* - 80206027
*Deregistered* - 95898358
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04]
.
2012-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
2012-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
  57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
.
[HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-27  21:32:13
ComboFix-quarantined-files.txt  2012-05-27 19:32
.
Vor Suchlauf: 10 Verzeichnis(se), 75.298.238.464 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 75.167.731.712 Bytes frei
.
- - End Of File - - F4D7EB39E4DF9F8736DBAADD9B393808


Psychotic 29.05.2012 10:01

Quote:

R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\windows\system32\drivers\aaxblh.sys [x]
I hardly think those files are from Avenger... after all, they quite suddenly registered themselves as kernel drivers... :pfeiff:

Jojo95 29.05.2012 10:15

How can that be?!?! The files don't exist... I can't find them even though "Show protected system files" is enabled and "Show hidden files" too, and even the console says nothing:
Quote:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\John>if exist "c:\windows\system32\drivers\ukmzyzk.sys" echo ja

C:\Users\John>if exist "c:\windows\system32\drivers\aaxblh.sys" echo ja

C:\Users\John>if not exist "c:\windows\system32\drivers\ukmzyzk.sys" echo ja
ja

C:\Users\John>if not exist "c:\windows\system32\drivers\aaxblh.sys" echo ja
ja

C:\Users\John>
What should I do now? The ESET log is coming soon. MalwareBytes has just finished:

MalwareBytes

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [Administrator]

Schutz: Deaktiviert

29.05.2012 08:26:09
mbam-log-2012-05-29 (08-26-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 438470
Laufzeit: 2 Stunde(n), 44 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I still have these two files in the archive. Can I upload them somewhere so that someone can take a closer look at them? Or what do we do now?!
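
As an added example (not from any poster or tool in this thread), the following Python script applies the reasoning of the last two posts to the ComboFix service listing: it parses lines of the form `R0 name;display;path [x]` and flags boot-start kernel drivers whose binary is missing, whose service name bears no relation to the file name, and which carry no descriptive display name. The `[x]` marker alone is not a signal on this system, since ComboFix also marks avkmgr and other legitimate drivers that way while TDSSKiller later hashes them on disk; the input lines are copied from the listing above, and the indicator threshold is an assumption of the example.

```python
r"""Flag phantom kernel-driver registrations in a ComboFix-style service listing.

Added example for this thread; not part of ComboFix, TDSSKiller or any poster's
tooling. A line such as
    R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
reads: R/S = service running/stopped, digit = Windows start type
(0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), then
service name;display name;image path and, in brackets, either the file's
date and size or [x] when the scanner found no file at that path.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Input taken from the ComboFix listing posted above (a few ordinary entries
# are included for contrast).
SAMPLE_LOG = r"""
R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\windows\system32\drivers\aaxblh.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_missing: bool


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_missing=m.group("info").strip() == "x",
    )


def file_stem(path: str) -> str:
    """Lower-cased file name without extension from a Windows path."""
    base = path.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def suspicion_reasons(entry: ServiceEntry) -> List[str]:
    """Return the indicators that apply to a driver whose file is missing.

    [x] on its own proves little here: ComboFix marks avkmgr and other
    legitimate drivers the same way. The combination below is what singles
    out mmfo and nfccu.
    """
    if not entry.file_missing:
        return []
    reasons = []
    if entry.start_type <= 1:
        reasons.append("boot/system-start kernel driver with no file at the image path")
    if file_stem(entry.path) != entry.name.lower():
        reasons.append(
            f"service name {entry.name!r} unrelated to file name {file_stem(entry.path)!r}"
        )
    if entry.display == entry.name:
        reasons.append("no descriptive display name (no vendor or product)")
    return reasons


def flag_phantom_drivers(log_text: str, min_reasons: int = 3) -> List[Tuple[str, str, List[str]]]:
    """Return (service name, image path, reasons) for entries meeting the threshold.

    min_reasons=3 (all indicators) is an assumed threshold for this example;
    lowering it to 2 would also pull in PxHlpa64, avkmgr and amdkmdag from
    the sample, all of them legitimate drivers.
    """
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged.append((entry.name, entry.path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in flag_phantom_drivers(SAMPLE_LOG):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"  - {reason}")
```

A registry entry flagged this way cannot be cleared up with a user-mode `if exist`, which is why the next step in the thread is an anti-rootkit scan that looks at the disk independently of the file system.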

Psychotic 29.05.2012 10:24

Let's take a closer look at this!

Step 1: TDSS-Killer (scan with TDSS-Killer)


Please read the following instructions carefully. We don't want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\), for example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.



Step 2: OTL (custom)


If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Jojo95 29.05.2012 10:27

TDSS-Killer:
Code:

11:25:40.0649 0716        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
11:25:40.0889 0716        ============================================================
11:25:40.0889 0716        Current date / time: 2012/05/29 11:25:40.0889
11:25:40.0890 0716        SystemInfo:
11:25:40.0890 0716       
11:25:40.0890 0716        OS Version: 6.1.7601 ServicePack: 1.0
11:25:40.0890 0716        Product type: Workstation
11:25:40.0890 0716        ComputerName: JOHN-PC
11:25:40.0890 0716        UserName: John
11:25:40.0890 0716        Windows directory: C:\Windows
11:25:40.0890 0716        System windows directory: C:\Windows
11:25:40.0890 0716        Running under WOW64
11:25:40.0890 0716        Processor architecture: Intel x64
11:25:40.0890 0716        Number of processors: 4
11:25:40.0890 0716        Page size: 0x1000
11:25:40.0890 0716        Boot type: Normal boot
11:25:40.0890 0716        ============================================================
11:25:44.0502 0716        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:25:44.0510 0716        ============================================================
11:25:44.0510 0716        \Device\Harddisk0\DR0:
11:25:44.0510 0716        MBR partitions:
11:25:44.0510 0716        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08
11:25:44.0530 0716        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800
11:25:44.0530 0716        ============================================================
11:25:44.0567 0716        C: <-> \Device\Harddisk0\DR0\Partition0
11:25:44.0890 0716        D: <-> \Device\Harddisk0\DR0\Partition1
11:25:44.0890 0716        ============================================================
11:25:44.0890 0716        Initialize success
11:25:44.0890 0716        ============================================================
11:25:57.0152 6140        ============================================================
11:25:57.0153 6140        Scan started
11:25:57.0153 6140        Mode: Manual; TDLFS;
11:25:57.0153 6140        ============================================================
11:26:01.0502 6140        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:26:01.0520 6140        1394ohci - ok
11:26:01.0575 6140        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:26:01.0579 6140        ACPI - ok
11:26:01.0612 6140        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:26:01.0617 6140        AcpiPmi - ok
11:26:01.0712 6140        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:26:01.0714 6140        AdobeARMservice - ok
11:26:01.0873 6140        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:26:01.0892 6140        AdobeFlashPlayerUpdateSvc - ok
11:26:01.0961 6140        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:26:01.0985 6140        adp94xx - ok
11:26:02.0029 6140        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:26:02.0050 6140        adpahci - ok
11:26:02.0079 6140        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:26:02.0095 6140        adpu320 - ok
11:26:02.0297 6140        AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
11:26:02.0319 6140        AdvancedSystemCareService5 - ok
11:26:02.0354 6140        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:26:02.0357 6140        AeLookupSvc - ok
11:26:02.0432 6140        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:26:02.0460 6140        AFD - ok
11:26:02.0547 6140        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:26:02.0572 6140        agp440 - ok
11:26:02.0923 6140        Akamai          (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
11:26:02.0923 6140        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
11:26:02.0931 6140        Akamai ( HiddenFile.Multi.Generic ) - warning
11:26:02.0931 6140        Akamai - detected HiddenFile.Multi.Generic (1)
11:26:03.0047 6140        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:26:03.0055 6140        ALG - ok
11:26:03.0125 6140        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:26:03.0131 6140        aliide - ok
11:26:03.0176 6140        AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
11:26:03.0185 6140        AMD External Events Utility - ok
11:26:03.0201 6140        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:26:03.0207 6140        amdide - ok
11:26:03.0238 6140        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:26:03.0246 6140        AmdK8 - ok
11:26:11.0064 6140        amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
11:26:11.0282 6140        amdkmdag - ok
11:26:12.0205 6140        amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
11:26:12.0251 6140        amdkmdap - ok
11:26:12.0389 6140        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:26:12.0430 6140        AmdPPM - ok
11:26:12.0490 6140        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:26:12.0500 6140        amdsata - ok
11:26:12.0646 6140        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:26:12.0707 6140        amdsbs - ok
11:26:12.0859 6140        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:26:12.0870 6140        amdxata - ok
11:26:13.0409 6140        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:26:13.0412 6140        AntiVirSchedulerService - ok
11:26:13.0519 6140        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:26:13.0535 6140        AntiVirService - ok
11:26:14.0668 6140        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:26:14.0745 6140        AntiVirWebService - ok
11:26:15.0260 6140        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:26:15.0348 6140        AppID - ok
11:26:15.0589 6140        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:26:15.0597 6140        AppIDSvc - ok
11:26:16.0114 6140        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:26:16.0222 6140        Appinfo - ok
11:26:16.0771 6140        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:26:16.0845 6140        arc - ok
11:26:17.0379 6140        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:26:17.0431 6140        arcsas - ok
11:26:18.0486 6140        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:26:18.0658 6140        aspnet_state - ok
11:26:18.0772 6140        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:26:18.0810 6140        AsyncMac - ok
11:26:18.0864 6140        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:26:18.0870 6140        atapi - ok
11:26:19.0165 6140        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
11:26:19.0311 6140        athr - ok
11:26:20.0137 6140        AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
11:26:20.0147 6140        AtiHDAudioService - ok
11:26:20.0763 6140        AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
11:26:20.0828 6140        AtiHdmiService - ok
11:26:21.0766 6140        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:21.0979 6140        AudioEndpointBuilder - ok
11:26:21.0988 6140        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:21.0994 6140        AudioSrv - ok
11:26:22.0041 6140        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
11:26:22.0052 6140        avgntflt - ok
11:26:22.0804 6140        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
11:26:22.0867 6140        avipbb - ok
11:26:23.0059 6140        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:26:23.0098 6140        avkmgr - ok
11:26:23.0144 6140        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:26:23.0152 6140        AxInstSV - ok
11:26:24.0222 6140        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:26:24.0286 6140        b06bdrv - ok
11:26:25.0362 6140        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:26:25.0456 6140        b57nd60a - ok
11:26:25.0540 6140        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:26:25.0549 6140        BDESVC - ok
11:26:25.0577 6140        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:26:25.0581 6140        Beep - ok
11:26:27.0892 6140        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:26:28.0121 6140        BFE - ok
11:26:31.0061 6140        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:26:31.0204 6140        BITS - ok
11:26:31.0679 6140        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:26:31.0686 6140        blbdrive - ok
11:26:32.0916 6140        Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:26:32.0939 6140        Bonjour Service - ok
11:26:33.0412 6140        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:26:33.0462 6140        bowser - ok
11:26:33.0605 6140        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:26:33.0629 6140        BrFiltLo - ok
11:26:33.0725 6140        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:26:33.0729 6140        BrFiltUp - ok
11:26:33.0758 6140        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:26:33.0766 6140        BridgeMP - ok
11:26:34.0186 6140        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:26:34.0212 6140        Browser - ok
11:26:35.0580 6140        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:26:35.0662 6140        Brserid - ok
11:26:35.0716 6140        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:26:35.0723 6140        BrSerWdm - ok
11:26:35.0812 6140        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:26:35.0837 6140        BrUsbMdm - ok
11:26:35.0968 6140        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:26:36.0005 6140        BrUsbSer - ok
11:26:36.0347 6140        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:26:36.0396 6140        BTHMODEM - ok
11:26:36.0448 6140        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:26:36.0457 6140        bthserv - ok
11:26:36.0461 6140        catchme - ok
11:26:36.0907 6140        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:26:36.0957 6140        cdfs - ok
11:26:37.0001 6140        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:26:37.0012 6140        cdrom - ok
11:26:37.0237 6140        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:37.0286 6140        CertPropSvc - ok
11:26:37.0530 6140        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:26:37.0572 6140        circlass - ok
11:26:39.0493 6140        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:26:39.0582 6140        CLFS - ok
11:26:40.0205 6140        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:26:40.0244 6140        clr_optimization_v2.0.50727_32 - ok
11:26:40.0347 6140        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:26:40.0360 6140        clr_optimization_v2.0.50727_64 - ok
11:26:40.0730 6140        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:26:40.0765 6140        clr_optimization_v4.0.30319_32 - ok
11:26:40.0946 6140        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:26:40.0964 6140        clr_optimization_v4.0.30319_64 - ok
11:26:40.0999 6140        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:26:41.0003 6140        CmBatt - ok
11:26:41.0063 6140        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:26:41.0089 6140        cmdide - ok
11:26:41.0198 6140        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:26:41.0238 6140        CNG - ok
11:26:41.0266 6140        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:26:41.0275 6140        Compbatt - ok
11:26:41.0301 6140        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:26:41.0310 6140        CompositeBus - ok
11:26:41.0314 6140        COMSysApp - ok
11:26:41.0332 6140        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:26:41.0341 6140        crcdisk - ok
11:26:41.0384 6140        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:26:41.0403 6140        CryptSvc - ok
11:26:41.0671 6140        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:41.0682 6140        DcomLaunch - ok
11:26:41.0860 6140        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:26:41.0887 6140        defragsvc - ok
11:26:42.0040 6140        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:26:42.0064 6140        DfsC - ok
11:26:42.0170 6140        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:26:42.0207 6140        Dhcp - ok
11:26:42.0288 6140        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:26:42.0314 6140        discache - ok
11:26:42.0343 6140        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:26:42.0353 6140        Disk - ok
11:26:42.0395 6140        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:26:42.0415 6140        Dnscache - ok
11:26:43.0345 6140        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:26:43.0427 6140        dot3svc - ok
11:26:44.0134 6140        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:26:44.0154 6140        DPS - ok
11:26:44.0285 6140        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:26:44.0289 6140        drmkaud - ok
11:26:44.0383 6140        dtsoftbus01    (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:26:44.0398 6140        dtsoftbus01 - ok
11:26:44.0499 6140        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:26:44.0548 6140        DXGKrnl - ok
11:26:44.0604 6140        e2eVAWdm        (fec2c525df6838f3589529b549ab0a8e) C:\Windows\system32\DRIVERS\VAud_WDM.sys
11:26:44.0617 6140        e2eVAWdm - ok
11:26:44.0703 6140        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:26:44.0714 6140        EapHost - ok
11:26:45.0012 6140        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:26:45.0107 6140        ebdrv - ok
11:26:45.0222 6140        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:26:45.0225 6140        EFS - ok
11:26:45.0348 6140        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:26:45.0373 6140        ehRecvr - ok
11:26:45.0420 6140        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:26:45.0432 6140        ehSched - ok
11:26:45.0541 6140        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:26:45.0562 6140        elxstor - ok
11:26:45.0623 6140        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:26:45.0649 6140        ErrDev - ok
11:26:45.0735 6140        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:26:45.0767 6140        EventSystem - ok
11:26:45.0810 6140        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:26:45.0827 6140        exfat - ok
11:26:45.0866 6140        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:26:45.0877 6140        fastfat - ok
11:26:45.0954 6140        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:26:45.0978 6140        Fax - ok
11:26:45.0991 6140        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:26:45.0997 6140        fdc - ok
11:26:46.0024 6140        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:26:46.0030 6140        fdPHost - ok
11:26:46.0052 6140        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:26:46.0060 6140        FDResPub - ok
11:26:46.0079 6140        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:26:46.0087 6140        FileInfo - ok
11:26:46.0194 6140        FileMonitor    (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
11:26:46.0196 6140        FileMonitor - ok
11:26:46.0218 6140        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:26:46.0225 6140        Filetrace - ok
11:26:46.0326 6140        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:26:46.0384 6140        FLEXnet Licensing Service - ok
11:26:46.0427 6140        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:46.0433 6140        flpydisk - ok
11:26:46.0480 6140        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:26:46.0504 6140        FltMgr - ok
11:26:46.0842 6140        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:26:46.0914 6140        FontCache - ok
11:26:47.0058 6140        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:26:47.0086 6140        FontCache3.0.0.0 - ok
11:26:47.0135 6140        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:26:47.0144 6140        FsDepends - ok
11:26:47.0168 6140        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:26:47.0175 6140        Fs_Rec - ok
11:26:47.0216 6140        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:26:47.0237 6140        fvevol - ok
11:26:47.0270 6140        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:26:47.0279 6140        gagp30kx - ok
11:26:47.0362 6140        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:26:47.0394 6140        gpsvc - ok
11:26:47.0429 6140        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:26:47.0435 6140        hamachi - ok
11:26:47.0459 6140        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:26:47.0466 6140        hcw85cir - ok
11:26:47.0517 6140        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:26:47.0547 6140        HdAudAddService - ok
11:26:47.0590 6140        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:26:47.0599 6140        HDAudBus - ok
11:26:47.0605 6140        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:26:47.0611 6140        HidBatt - ok
11:26:47.0621 6140        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:26:47.0631 6140        HidBth - ok
11:26:47.0638 6140        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:26:47.0645 6140        HidIr - ok
11:26:47.0676 6140        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:26:47.0684 6140        hidserv - ok
11:26:47.0704 6140        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:26:47.0711 6140        HidUsb - ok
11:26:47.0750 6140        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:26:47.0758 6140        hkmsvc - ok
11:26:47.0806 6140        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:26:47.0825 6140        HomeGroupListener - ok
11:26:47.0850 6140        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:26:47.0868 6140        HomeGroupProvider - ok
11:26:47.0914 6140        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:26:47.0923 6140        HpSAMD - ok
11:26:47.0994 6140        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:26:48.0036 6140        HTTP - ok
11:26:48.0056 6140        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:26:48.0062 6140        hwpolicy - ok
11:26:48.0101 6140        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:26:48.0112 6140        i8042prt - ok
11:26:48.0170 6140        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:26:48.0188 6140        iaStorV - ok
11:26:48.0350 6140        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:26:48.0389 6140        idsvc - ok
11:26:48.0427 6140        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:26:48.0435 6140        iirsp - ok
11:26:48.0522 6140        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:26:48.0598 6140        IKEEXT - ok
11:26:49.0285 6140        IMFservice      (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
11:26:49.0305 6140        IMFservice - ok
11:26:49.0650 6140        IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
11:26:49.0752 6140        IntcAzAudAddService - ok
11:26:49.0878 6140        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:26:49.0884 6140        intelide - ok
11:26:49.0918 6140        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:26:49.0927 6140        intelppm - ok
11:26:49.0960 6140        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:26:49.0970 6140        IPBusEnum - ok
11:26:49.0997 6140        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:50.0005 6140        IpFilterDriver - ok
11:26:50.0067 6140        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:26:50.0077 6140        iphlpsvc - ok
11:26:50.0119 6140        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:26:50.0129 6140        IPMIDRV - ok
11:26:50.0159 6140        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:26:50.0179 6140        IPNAT - ok
11:26:50.0201 6140        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:26:50.0206 6140        IRENUM - ok
11:26:50.0224 6140        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:26:50.0231 6140        isapnp - ok
11:26:50.0289 6140        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:26:50.0315 6140        iScsiPrt - ok
11:26:50.0355 6140        JMCR            (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
11:26:50.0363 6140        JMCR - ok
11:26:50.0409 6140        JME            (8adaafcd2b8c259debf6c8dfd9727889) C:\Windows\system32\DRIVERS\JME.sys
11:26:50.0419 6140        JME - ok
11:26:50.0453 6140        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:26:50.0461 6140        kbdclass - ok
11:26:50.0488 6140        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:26:50.0494 6140        kbdhid - ok
11:26:50.0521 6140        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:50.0524 6140        KeyIso - ok
11:26:50.0545 6140        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:26:50.0554 6140        KSecDD - ok
11:26:50.0581 6140        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:26:50.0594 6140        KSecPkg - ok
11:26:50.0619 6140        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:26:50.0625 6140        ksthunk - ok
11:26:50.0692 6140        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:26:50.0714 6140        KtmRm - ok
11:26:50.0760 6140        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:26:50.0786 6140        LanmanServer - ok
11:26:50.0833 6140        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:26:50.0845 6140        LanmanWorkstation - ok
11:26:50.0888 6140        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:26:50.0896 6140        lltdio - ok
11:26:50.0951 6140        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:26:50.0974 6140        lltdsvc - ok
11:26:50.0993 6140        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:26:51.0000 6140        lmhosts - ok
11:26:51.0031 6140        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:26:51.0040 6140        LSI_FC - ok
11:26:51.0075 6140        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:26:51.0084 6140        LSI_SAS - ok
11:26:51.0094 6140        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:26:51.0102 6140        LSI_SAS2 - ok
11:26:51.0116 6140        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:26:51.0125 6140        LSI_SCSI - ok
11:26:51.0156 6140        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:26:51.0165 6140        luafv - ok
11:26:51.0197 6140        massfilter      (1b4dbcaa0321bbb76255983148051f09) C:\Windows\system32\drivers\massfilter.sys
11:26:51.0202 6140        massfilter - ok
11:26:51.0235 6140        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:26:51.0242 6140        MBAMProtector - ok
11:26:51.0349 6140        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:26:51.0362 6140        MBAMService - ok
11:26:51.0396 6140        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:26:51.0405 6140        Mcx2Svc - ok
11:26:51.0502 6140        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:26:51.0516 6140        MDM - ok
11:26:51.0567 6140        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:26:51.0574 6140        megasas - ok
11:26:51.0598 6140        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:26:51.0610 6140        MegaSR - ok
11:26:51.0674 6140        Microsoft SharePoint Workspace Audit Service - ok
11:26:51.0717 6140        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:51.0720 6140        MMCSS - ok
11:26:51.0724 6140        mmfo - ok
11:26:51.0753 6140        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:26:51.0760 6140        Modem - ok
11:26:51.0775 6140        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:26:51.0782 6140        monitor - ok
11:26:51.0819 6140        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:26:51.0829 6140        mouclass - ok
11:26:51.0850 6140        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:26:51.0856 6140        mouhid - ok
11:26:51.0882 6140        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:26:51.0891 6140        mountmgr - ok
11:26:52.0006 6140        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:26:52.0038 6140        MozillaMaintenance - ok
11:26:52.0075 6140        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:26:52.0095 6140        mpio - ok
11:26:52.0162 6140        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:26:52.0170 6140        mpsdrv - ok
11:26:52.0257 6140        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:26:52.0291 6140        MpsSvc - ok
11:26:52.0340 6140        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:26:52.0350 6140        MRxDAV - ok
11:26:52.0393 6140        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:52.0410 6140        mrxsmb - ok
11:26:52.0468 6140        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:52.0491 6140        mrxsmb10 - ok
11:26:52.0552 6140        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:52.0573 6140        mrxsmb20 - ok
11:26:52.0609 6140        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:26:52.0616 6140        msahci - ok
11:26:52.0655 6140        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:26:52.0666 6140        msdsm - ok
11:26:52.0713 6140        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:26:52.0734 6140        MSDTC - ok
11:26:52.0769 6140        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:26:52.0775 6140        Msfs - ok
11:26:52.0791 6140        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:26:52.0795 6140        mshidkmdf - ok
11:26:52.0807 6140        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:26:52.0813 6140        msisadrv - ok
11:26:52.0851 6140        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:26:52.0869 6140        MSiSCSI - ok
11:26:52.0875 6140        msiserver - ok
11:26:52.0891 6140        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:26:52.0895 6140        MSKSSRV - ok
11:26:52.0900 6140        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:52.0904 6140        MSPCLOCK - ok
11:26:52.0910 6140        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:26:52.0914 6140        MSPQM - ok
11:26:52.0969 6140        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:26:52.0987 6140        MsRPC - ok
11:26:53.0018 6140        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:26:53.0027 6140        mssmbios - ok
11:26:53.0032 6140        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:26:53.0035 6140        MSTEE - ok
11:26:53.0041 6140        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:26:53.0046 6140        MTConfig - ok
11:26:53.0082 6140        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
11:26:53.0088 6140        MTsensor - ok
11:26:53.0109 6140        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:26:53.0117 6140        Mup - ok
11:26:53.0188 6140        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:26:53.0196 6140        napagent - ok
11:26:53.0255 6140        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:26:53.0280 6140        NativeWifiP - ok
11:26:53.0377 6140        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:26:53.0396 6140        NDIS - ok
11:26:53.0434 6140        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:26:53.0440 6140        NdisCap - ok
11:26:53.0457 6140        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:53.0462 6140        NdisTapi - ok
11:26:53.0480 6140        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:53.0488 6140        Ndisuio - ok
11:26:53.0526 6140        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:53.0545 6140        NdisWan - ok
11:26:53.0562 6140        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:26:53.0569 6140        NDProxy - ok
11:26:53.0607 6140        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:26:53.0613 6140        NetBIOS - ok
11:26:53.0687 6140        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:26:53.0715 6140        NetBT - ok
11:26:53.0744 6140        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:53.0747 6140        Netlogon - ok
11:26:53.0800 6140        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:26:53.0822 6140        Netman - ok
11:26:53.0927 6140        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:26:53.0949 6140        NetMsmqActivator - ok
11:26:53.0967 6140        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:26:53.0968 6140        NetPipeActivator - ok
11:26:54.0042 6140        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:26:54.0074 6140        netprofm - ok
11:26:54.0080 6140        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:26:54.0082 6140        NetTcpActivator - ok
11:26:54.0087 6140        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:26:54.0088 6140        NetTcpPortSharing - ok
11:26:54.0121 6140        nfccu - ok
11:26:54.0164 6140        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:26:54.0172 6140        nfrd960 - ok
11:26:54.0216 6140        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:26:54.0240 6140        NlaSvc - ok
11:26:54.0270 6140        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:26:54.0278 6140        Npfs - ok
11:26:54.0331 6140        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:26:54.0356 6140        nsi - ok
11:26:54.0389 6140        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:26:54.0394 6140        nsiproxy - ok
11:26:54.0546 6140        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:26:54.0676 6140        Ntfs - ok
11:26:54.0822 6140        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:26:54.0826 6140        Null - ok
11:26:54.0878 6140        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:26:54.0887 6140        nvraid - ok
11:26:54.0937 6140        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:26:54.0957 6140        nvstor - ok
11:26:54.0999 6140        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:26:55.0009 6140        nv_agp - ok
11:26:55.0038 6140        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:26:55.0047 6140        ohci1394 - ok
11:26:55.0140 6140        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:26:55.0171 6140        ose - ok
11:26:55.0558 6140        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:26:55.0720 6140        osppsvc - ok
11:26:55.0857 6140        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:55.0870 6140        p2pimsvc - ok
11:26:55.0936 6140        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:26:55.0965 6140        p2psvc - ok
11:26:56.0035 6140        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:26:56.0044 6140        Parport - ok
11:26:56.0081 6140        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:26:56.0090 6140        partmgr - ok
11:26:56.0133 6140        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:26:56.0151 6140        PcaSvc - ok
11:26:56.0196 6140        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:26:56.0205 6140        pci - ok
11:26:56.0228 6140        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:26:56.0233 6140        pciide - ok
11:26:56.0286 6140        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:26:56.0306 6140        pcmcia - ok
11:26:56.0321 6140        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:26:56.0329 6140        pcw - ok
11:26:56.0384 6140        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:26:56.0411 6140        PEAUTH - ok
11:26:56.0522 6140        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:26:56.0530 6140        PerfHost - ok
11:26:56.0739 6140        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:26:56.0818 6140        pla - ok
11:26:56.0876 6140        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:26:56.0906 6140        PlugPlay - ok
11:26:56.0911 6140        PnkBstrA - ok
11:26:56.0947 6140        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:26:56.0955 6140        PNRPAutoReg - ok
11:26:57.0003 6140        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:57.0007 6140        PNRPsvc - ok
11:26:57.0074 6140        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:26:57.0100 6140        PolicyAgent - ok
11:26:57.0146 6140        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:26:57.0158 6140        Power - ok
11:26:57.0244 6140        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:57.0254 6140        PptpMiniport - ok
11:26:57.0289 6140        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:26:57.0298 6140        Processor - ok
11:26:57.0344 6140        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:26:57.0358 6140        ProfSvc - ok
11:26:57.0389 6140        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:57.0392 6140        ProtectedStorage - ok
11:26:57.0420 6140        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:26:57.0424 6140        Psched - ok
11:26:57.0458 6140        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:26:57.0466 6140        PxHlpa64 - ok
11:26:57.0596 6140        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:26:57.0656 6140        ql2300 - ok
11:26:57.0816 6140        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:26:57.0829 6140        ql40xx - ok
11:26:57.0887 6140        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:26:57.0915 6140        QWAVE - ok
11:26:57.0930 6140        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:26:57.0936 6140        QWAVEdrv - ok
11:26:57.0953 6140        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:57.0958 6140        RasAcd - ok
11:26:57.0992 6140        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:26:58.0000 6140        RasAgileVpn - ok
11:26:58.0035 6140        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:26:58.0044 6140        RasAuto - ok
11:26:58.0079 6140        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:58.0088 6140        Rasl2tp - ok
11:26:58.0135 6140        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:26:58.0157 6140        RasMan - ok
11:26:58.0209 6140        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:58.0217 6140        RasPppoe - ok
11:26:58.0247 6140        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:58.0256 6140        RasSstp - ok
11:26:58.0297 6140        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:58.0321 6140        rdbss - ok
11:26:58.0355 6140        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:26:58.0361 6140        rdpbus - ok
11:26:58.0381 6140        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:58.0385 6140        RDPCDD - ok
11:26:58.0404 6140        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:26:58.0408 6140        RDPENCDD - ok
11:26:58.0419 6140        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:26:58.0423 6140        RDPREFMP - ok
11:26:58.0469 6140        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:26:58.0485 6140        RDPWD - ok
11:26:58.0580 6140        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:26:58.0598 6140        rdyboost - ok
11:26:58.0707 6140        RegFilter      (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
11:26:58.0714 6140        RegFilter - ok
11:26:58.0775 6140        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:26:58.0784 6140        RemoteAccess - ok
11:26:58.0832 6140        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:26:58.0849 6140        RemoteRegistry - ok
11:26:58.0881 6140        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:26:58.0891 6140        RpcEptMapper - ok
11:26:58.0929 6140        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:26:58.0934 6140        RpcLocator - ok
11:26:58.0993 6140        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:59.0006 6140        RpcSs - ok
11:26:59.0037 6140        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:59.0045 6140        rspndr - ok
11:26:59.0077 6140        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:59.0079 6140        SamSs - ok
11:26:59.0119 6140        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:26:59.0129 6140        sbp2port - ok
11:26:59.0185 6140        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:26:59.0200 6140        SCardSvr - ok
11:26:59.0235 6140        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:26:59.0241 6140        scfilter - ok
11:26:59.0341 6140        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:26:59.0390 6140        Schedule - ok
11:26:59.0415 6140        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:59.0424 6140        SCPolicySvc - ok
11:26:59.0464 6140        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:26:59.0473 6140        sdbus - ok
11:26:59.0540 6140        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:26:59.0561 6140        SDRSVC - ok
11:26:59.0591 6140        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:26:59.0596 6140        secdrv - ok
11:26:59.0619 6140        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:26:59.0629 6140        seclogon - ok
11:26:59.0674 6140        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:26:59.0684 6140        SENS - ok
11:26:59.0699 6140        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:26:59.0707 6140        SensrSvc - ok
11:26:59.0732 6140        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:26:59.0737 6140        Serenum - ok
11:26:59.0770 6140        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:26:59.0779 6140        Serial - ok
11:26:59.0810 6140        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:26:59.0816 6140        sermouse - ok
11:26:59.0860 6140        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:26:59.0869 6140        SessionEnv - ok
11:26:59.0904 6140        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:26:59.0908 6140        sffdisk - ok
11:26:59.0927 6140        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:59.0932 6140        sffp_mmc - ok
11:26:59.0951 6140        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:26:59.0956 6140        sffp_sd - ok
11:26:59.0992 6140        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:26:59.0997 6140        sfloppy - ok
11:27:00.0064 6140        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:27:00.0086 6140        SharedAccess - ok
11:27:00.0157 6140        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:27:00.0179 6140        ShellHWDetection - ok
11:27:00.0244 6140        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:27:00.0252 6140        SiSRaid2 - ok
11:27:00.0278 6140        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:27:00.0286 6140        SiSRaid4 - ok
11:27:00.0367 6140        SkypeUpdate    (9bac4f095b1e802268b33e4c8ba57256) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:27:00.0444 6140        SkypeUpdate - ok
11:27:00.0475 6140        SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
11:27:00.0480 6140        SmartDefragDriver - ok
11:27:00.0514 6140        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:27:00.0523 6140        Smb - ok
11:27:00.0572 6140        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:27:00.0579 6140        SNMPTRAP - ok
11:27:00.0747 6140        SNP2UVC        (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
11:27:00.0836 6140        SNP2UVC - ok
11:27:00.0923 6140        Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
11:27:00.0937 6140        Sony Ericsson PCCompanion - ok
11:27:01.0068 6140        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:27:01.0076 6140        spldr - ok
11:27:01.0144 6140        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:27:01.0164 6140        Spooler - ok
11:27:01.0412 6140        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:27:01.0493 6140        sppsvc - ok
11:27:01.0666 6140        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:27:01.0678 6140        sppuinotify - ok
11:27:01.0682 6140        sptd - ok
11:27:01.0766 6140        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:27:01.0792 6140        srv - ok
11:27:01.0843 6140        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:27:01.0863 6140        srv2 - ok
11:27:01.0896 6140        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:27:01.0914 6140        srvnet - ok
11:27:01.0985 6140        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:27:02.0002 6140        SSDPSRV - ok
11:27:02.0027 6140        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:27:02.0039 6140        SstpSvc - ok
11:27:02.0063 6140        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:27:02.0070 6140        stexstor - ok
11:27:03.0234 6140        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:27:03.0269 6140        stisvc - ok
11:27:03.0297 6140        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:27:03.0303 6140        swenum - ok
11:27:03.0467 6140        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:27:03.0514 6140        SwitchBoard - ok
11:27:03.0581 6140        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:27:03.0596 6140        swprv - ok
11:27:03.0760 6140        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:27:03.0804 6140        SysMain - ok
11:27:03.0917 6140        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:27:03.0928 6140        TabletInputService - ok
11:27:03.0985 6140        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:27:04.0009 6140        TapiSrv - ok
11:27:04.0044 6140        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:27:04.0048 6140        TBS - ok
11:27:04.0252 6140        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:27:04.0347 6140        Tcpip - ok
11:27:04.0626 6140        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:27:04.0642 6140        TCPIP6 - ok
11:27:04.0882 6140        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:27:04.0889 6140        tcpipreg - ok
11:27:04.0924 6140        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:27:04.0928 6140        TDPIPE - ok
11:27:04.0964 6140        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:27:04.0969 6140        TDTCP - ok
11:27:05.0011 6140        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:27:05.0019 6140        tdx - ok
11:27:05.0370 6140        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
11:27:05.0376 6140        teamviewervpn - ok
11:27:05.0424 6140        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:27:05.0432 6140        TermDD - ok
11:27:05.0531 6140        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:27:05.0613 6140        TermService - ok
11:27:05.0678 6140        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:27:05.0687 6140        Themes - ok
11:27:05.0729 6140        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:27:05.0732 6140        THREADORDER - ok
11:27:05.0755 6140        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:27:05.0767 6140        TrkWks - ok
11:27:05.0830 6140        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:27:05.0838 6140        TrustedInstaller - ok
11:27:05.0876 6140        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:27:05.0882 6140        tssecsrv - ok
11:27:05.0920 6140        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:27:05.0929 6140        TsUsbFlt - ok
11:27:05.0977 6140        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:27:05.0986 6140        tunnel - ok
11:27:06.0030 6140        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:27:06.0037 6140        uagp35 - ok
11:27:06.0090 6140        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:27:06.0104 6140        udfs - ok
11:27:06.0154 6140        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:27:06.0164 6140        UI0Detect - ok
11:27:06.0195 6140        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:27:06.0203 6140        uliagpkx - ok
11:27:06.0225 6140        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:27:06.0233 6140        umbus - ok
11:27:06.0267 6140        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:27:06.0274 6140        UmPass - ok
11:27:06.0335 6140        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:27:06.0355 6140        upnphost - ok
11:27:06.0471 6140        UrlFilter      (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
11:27:06.0473 6140        UrlFilter - ok
11:27:06.0509 6140        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:27:06.0517 6140        usbccgp - ok
11:27:06.0555 6140        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:27:06.0567 6140        usbcir - ok
11:27:06.0596 6140        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:27:06.0603 6140        usbehci - ok
11:27:06.0659 6140        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:27:06.0684 6140        usbhub - ok
11:27:06.0721 6140        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:27:06.0727 6140        usbohci - ok
11:27:06.0756 6140        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:27:06.0762 6140        usbprint - ok
11:27:06.0794 6140        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:27:06.0801 6140        usbscan - ok
11:27:06.0828 6140        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:27:06.0837 6140        USBSTOR - ok
11:27:06.0852 6140        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:27:06.0858 6140        usbuhci - ok
11:27:06.0908 6140        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:27:06.0923 6140        usbvideo - ok
11:27:06.0957 6140        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:27:06.0967 6140        UxSms - ok
11:27:07.0102 6140        VASDeviceDrm    (27542d7e24442eb79e459771ce256045) C:\Windows\system32\drivers\vasdDev.sys
11:27:07.0176 6140        VASDeviceDrm - ok
11:27:07.0291 6140        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:27:07.0293 6140        VaultSvc - ok
11:27:07.0447 6140        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:27:07.0455 6140        vdrvroot - ok
11:27:07.0525 6140        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:27:07.0563 6140        vds - ok
11:27:07.0605 6140        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:27:07.0609 6140        vga - ok
11:27:07.0634 6140        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:27:07.0639 6140        VgaSave - ok
11:27:07.0682 6140        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:27:07.0734 6140        vhdmp - ok
11:27:07.0767 6140        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:27:07.0773 6140        viaide - ok
11:27:07.0801 6140        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:27:07.0810 6140        volmgr - ok
11:27:07.0893 6140        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:27:07.0947 6140        volmgrx - ok
11:27:08.0044 6140        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:27:08.0048 6140        volsnap - ok
11:27:08.0143 6140        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:27:08.0162 6140        vsmraid - ok
11:27:08.0474 6140        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:27:08.0522 6140        VSS - ok
11:27:08.0667 6140        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:27:08.0676 6140        vwifibus - ok
11:27:08.0695 6140        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:27:08.0702 6140        vwififlt - ok
11:27:08.0725 6140        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:27:08.0730 6140        vwifimp - ok
11:27:08.0787 6140        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:27:08.0810 6140        W32Time - ok
11:27:08.0846 6140        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:27:08.0852 6140        WacomPen - ok
11:27:08.0888 6140        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:08.0890 6140        WANARP - ok
11:27:08.0894 6140        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:08.0895 6140        Wanarpv6 - ok
11:27:09.0033 6140        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:27:09.0107 6140        WatAdminSvc - ok
11:27:09.0255 6140        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:27:09.0326 6140        wbengine - ok
11:27:09.0462 6140        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:27:09.0480 6140        WbioSrvc - ok
11:27:09.0534 6140        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:27:09.0552 6140        wcncsvc - ok
11:27:09.0575 6140        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:27:09.0585 6140        WcsPlugInService - ok
11:27:09.0662 6140        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:27:09.0669 6140        Wd - ok
11:27:09.0738 6140        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:27:09.0746 6140        Wdf01000 - ok
11:27:09.0777 6140        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:27:09.0788 6140        WdiServiceHost - ok
11:27:09.0793 6140        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:27:09.0797 6140        WdiSystemHost - ok
11:27:09.0843 6140        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:27:09.0868 6140        WebClient - ok
11:27:09.0924 6140        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:27:09.0950 6140        Wecsvc - ok
11:27:09.0981 6140        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:27:09.0993 6140        wercplsupport - ok
11:27:10.0020 6140        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:27:10.0024 6140        WerSvc - ok
11:27:10.0083 6140        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:27:10.0087 6140        WfpLwf - ok
11:27:10.0101 6140        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:27:10.0109 6140        WIMMount - ok
11:27:10.0136 6140        WinDefend - ok
11:27:10.0149 6140        WinHttpAutoProxySvc - ok
11:27:10.0231 6140        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:27:10.0246 6140        Winmgmt - ok
11:27:10.0425 6140        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:27:10.0510 6140        WinRM - ok
11:27:10.0741 6140        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:27:10.0749 6140        WinUsb - ok
11:27:10.0846 6140        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:27:10.0952 6140        Wlansvc - ok
11:27:11.0243 6140        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:27:11.0298 6140        wlidsvc - ok
11:27:11.0452 6140        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:27:11.0456 6140        WmiAcpi - ok
11:27:11.0529 6140        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:27:11.0546 6140        wmiApSrv - ok
11:27:11.0578 6140        WMPNetworkSvc - ok
11:27:11.0610 6140        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:27:11.0617 6140        WPCSvc - ok
11:27:11.0657 6140        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:27:11.0669 6140        WPDBusEnum - ok
11:27:11.0698 6140        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:27:11.0703 6140        ws2ifsl - ok
11:27:11.0729 6140        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:27:11.0740 6140        wscsvc - ok
11:27:11.0745 6140        WSearch - ok
11:27:11.0840 6140        WTGService      (86293b6785260309606b0b0b46e42252) C:\Program Files (x86)\3DataManager\WTGService.exe
11:27:11.0884 6140        WTGService - ok
11:27:12.0075 6140        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:27:12.0130 6140        wuauserv - ok
11:27:12.0298 6140        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:27:12.0308 6140        WudfPf - ok
11:27:12.0361 6140        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:27:12.0430 6140        WUDFRd - ok
11:27:12.0450 6140        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:27:12.0529 6140        wudfsvc - ok
11:27:12.0596 6140        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:27:12.0811 6140        WwanSvc - ok
11:27:12.0856 6140        ZTEusbmdm6k    (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
11:27:12.0864 6140        ZTEusbmdm6k - ok
11:27:12.0913 6140        ZTEusbnmea      (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
11:27:12.0920 6140        ZTEusbnmea - ok
11:27:13.0019 6140        ZTEusbser6k    (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
11:27:13.0028 6140        ZTEusbser6k - ok
11:27:13.0123 6140        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:27:13.0627 6140        \Device\Harddisk0\DR0 - ok
11:27:13.0663 6140        Boot (0x1200)  (44fec4c97a8c695271e41986e9ca1921) \Device\Harddisk0\DR0\Partition0
11:27:13.0665 6140        \Device\Harddisk0\DR0\Partition0 - ok
11:27:13.0686 6140        Boot (0x1200)  (2b41c8864f2a7a3dd0b7076f1c6f3244) \Device\Harddisk0\DR0\Partition1
11:27:13.0689 6140        \Device\Harddisk0\DR0\Partition1 - ok
11:27:13.0689 6140        ============================================================
11:27:13.0689 6140        Scan finished
11:27:13.0689 6140        ============================================================
11:27:13.0702 5192        Detected object count: 1
11:27:13.0702 5192        Actual detected object count: 1
11:27:19.0902 5192        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:27:19.0902 5192        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


Psychotic 29.05.2012 10:33

For clarity: combofix also says that the files are not there. Yet suddenly a service that is activated at system startup is registered, which points exactly to those two. So something is fishy there!

Jojo95 29.05.2012 18:39

ESET found nothing. After 10 hours of scanning it found NOTHING :headbang:

Here is the OTL log file (hopefully this helps us further):

Code:

OTL logfile created on: 29.05.2012 19:21:11 - Run 2
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,81% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 68,99 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 180,38 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.29 11:28:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012.05.09 18:29:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 18:29:27 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.09 18:29:27 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 18:29:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 16:28:52 | 004,464,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012.04.26 00:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
PRC - [2012.04.26 00:00:00 | 002,379,616 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.14 18:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.10.23 14:59:12 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.26 00:00:00 | 003,284,992 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
MOD - [2012.04.26 00:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
MOD - [2012.04.26 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2012.04.26 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2012.04.26 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2012.04.26 00:00:00 | 000,011,264 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll
MOD - [2012.04.26 00:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll
MOD - [2012.04.26 00:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll
MOD - [2012.04.26 00:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll
MOD - [2012.04.26 00:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll
MOD - [2011.08.19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2011.03.29 23:03:28 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.20 15:27:23 | 000,476,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.11.20 15:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010.11.20 15:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009.07.14 03:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV - [2012.05.09 18:29:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 18:29:27 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.09 18:29:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 19:04:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:34:50 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 19:05:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.28 13:12:06 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.14 18:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.10.23 14:59:12 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.30 15:10:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 18:29:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 18:29:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.11 18:46:53 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.04 13:41:19 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011.08.04 13:41:19 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011.08.04 13:41:19 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011.08.04 13:41:19 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.27 16:44:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.04.27 16:44:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.03.29 23:03:28 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.29 23:03:28 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.29 22:47:26 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2011.02.01 22:37:24 | 001,454,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vasdDev.sys -- (VASDeviceDrm) Virtual Audio Streaming with Drm (WDM)
DRV:64bit: - [2011.01.21 14:33:00 | 000,103,352 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VAud_WDM.sys -- (e2eVAWdm)
DRV:64bit: - [2010.11.26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.10.12 09:49:16 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2010.07.15 08:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.08 16:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.19 07:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:15:58 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.04.28 13:16:22 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012.04.28 13:16:20 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys -- (RegFilter)
DRV - [2012.01.05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E AA 75 62 67 3D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/splitcam/{96E18809-6E54-454B-ACF7-5F73121EA227}?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIC30F~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIC30F~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\John\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.24 18:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.02 19:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 15:45:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.02 19:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 15:45:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.19 14:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.03.29 22:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Extensions
[2011.03.29 22:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.22 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\29pcln6y.default\extensions
[2012.05.22 18:39:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\29pcln6y.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.04.13 15:29:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\29pcln6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.21 14:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\538kabf0.default\extensions
[2012.03.21 14:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\538kabf0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.03.21 14:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\538kabf0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.19 21:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.19 21:36:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.30 17:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.13 15:29:03 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29PCLN6Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.02 19:05:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.26 14:22:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {1580277A-4F5E-61BA-30D0-5C805A834D61} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AUTOWorker] D:\John\worker\worker.exe (John Soliman)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BBAEAA6-A760-4FEA-9D8C-C8FAAF90CBEC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIC30F~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 18:23:55 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\übungszettel4.saitalienisch
[2012.05.29 11:28:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012.05.29 11:25:14 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2012.05.29 08:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.27 21:48:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.26 14:30:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.26 14:05:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.26 14:05:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.26 14:05:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.23 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Neuer Ordner
[2012.05.23 15:07:15 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Chemie
[2012.05.20 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.19 21:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.19 21:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.18 18:41:07 | 000,000,000 | ---D | C] -- C:\Users\John\.yawcam
[2012.05.18 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.05.14 16:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012.05.13 12:06:27 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bf1942
[2012.05.11 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SplitMediaLabs
[2012.05.11 20:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012.05.10 20:54:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.05.03 18:40:52 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Torino (ITAL)
[2012.05.02 19:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.02 19:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 19:04:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.29 18:48:06 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
[2012.05.29 15:48:07 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
[2012.05.29 11:28:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012.05.29 11:25:21 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2012.05.29 08:27:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 08:27:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 08:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 08:19:34 | 3219,505,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.28 17:47:02 | 000,042,692 | ---- | M] () -- C:\Users\John\Desktop\Geschichte 2.0.odt
[2012.05.28 12:56:01 | 000,000,348 | ---- | M] () -- C:\Users\John\Desktop\Neue Internetverknüpfung.url
[2012.05.27 18:45:33 | 000,166,064 | ---- | M] () -- C:\Users\John\Desktop\IMG_27052012_184527.png
[2012.05.26 14:22:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.26 12:34:17 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2012.05.23 19:03:22 | 001,622,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 19:03:22 | 000,700,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 19:03:22 | 000,655,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 19:03:22 | 000,149,422 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 19:03:22 | 000,122,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.19 17:41:35 | 000,019,520 | ---- | M] () -- C:\Users\John\Desktop\Kurzgeschichte.odt
[2012.05.19 17:38:09 | 000,000,143 | ---- | M] () -- C:\Users\John\Desktop\EHrenshcutz.url
[2012.05.19 16:19:28 | 003,412,601 | ---- | M] () -- C:\Users\John\Desktop\Ramones - Needles & Pins.mp3
[2012.05.19 13:19:34 | 000,000,144 | ---- | M] () -- C:\Users\John\Desktop\Ehrenschutz.url
[2012.05.18 14:47:18 | 000,000,332 | ---- | M] () -- C:\Users\John\Desktop\IOBIT CLOUD.url
[2012.05.18 12:34:54 | 202,343,704 | ---- | M] () -- C:\Users\John\Desktop\ff86057e59d183290c7b281f1ddecdad93.flv
[2012.05.11 16:56:20 | 005,069,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 16:41:58 | 001,509,250 | ---- | M] () -- C:\Users\John\Desktop\IMG_10052012_164144.png
[2012.05.09 18:29:28 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.09 18:29:28 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 14:28:37 | 000,000,144 | ---- | M] () -- C:\Users\John\Desktop\ChemieRechnung.url
[2012.05.06 11:46:57 | 000,165,149 | ---- | M] () -- C:\Users\John\Desktop\IMG_06052012_114648.png
[2012.05.05 11:55:41 | 000,024,353 | ---- | M] () -- C:\Users\John\Desktop\upload.php
[2012.05.04 18:10:34 | 000,000,626 | ---- | M] () -- C:\Users\John\Desktop\FTPserver.html
[2012.05.03 20:27:26 | 000,338,108 | ---- | M] () -- C:\Users\John\Desktop\280420121284.jpg
[2012.05.02 15:18:21 | 000,272,664 | ---- | M] () -- C:\Users\John\Desktop\Unbenannt.jpg
[2012.04.30 18:25:37 | 000,073,307 | ---- | M] () -- C:\Users\John\Desktop\Verhältnisse.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.28 12:55:55 | 000,000,348 | ---- | C] () -- C:\Users\John\Desktop\Neue Internetverknüpfung.url
[2012.05.27 18:45:30 | 000,166,064 | ---- | C] () -- C:\Users\John\Desktop\IMG_27052012_184527.png
[2012.05.27 17:06:03 | 000,042,692 | ---- | C] () -- C:\Users\John\Desktop\Geschichte 2.0.odt
[2012.05.26 14:05:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.26 14:05:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.26 14:05:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.26 14:05:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.26 12:34:17 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2012.05.19 17:38:04 | 000,000,143 | ---- | C] () -- C:\Users\John\Desktop\EHrenshcutz.url
[2012.05.19 16:16:52 | 003,412,601 | ---- | C] () -- C:\Users\John\Desktop\Ramones - Needles & Pins.mp3
[2012.05.19 15:43:17 | 000,019,520 | ---- | C] () -- C:\Users\John\Desktop\Kurzgeschichte.odt
[2012.05.19 13:19:30 | 000,000,144 | ---- | C] () -- C:\Users\John\Desktop\Ehrenschutz.url
[2012.05.18 14:47:07 | 000,000,332 | ---- | C] () -- C:\Users\John\Desktop\IOBIT CLOUD.url
[2012.05.18 12:28:44 | 202,343,704 | ---- | C] () -- C:\Users\John\Desktop\ff86057e59d183290c7b281f1ddecdad93.flv
[2012.05.10 16:41:45 | 001,509,250 | ---- | C] () -- C:\Users\John\Desktop\IMG_10052012_164144.png
[2012.05.06 14:28:31 | 000,000,144 | ---- | C] () -- C:\Users\John\Desktop\ChemieRechnung.url
[2012.05.06 11:46:55 | 000,165,149 | ---- | C] () -- C:\Users\John\Desktop\IMG_06052012_114648.png
[2012.05.04 17:55:41 | 000,000,626 | ---- | C] () -- C:\Users\John\Desktop\FTPserver.html
[2012.05.04 17:32:23 | 000,024,353 | ---- | C] () -- C:\Users\John\Desktop\upload.php
[2012.05.03 20:27:15 | 000,338,108 | ---- | C] () -- C:\Users\John\Desktop\280420121284.jpg
[2012.05.02 15:18:21 | 000,272,664 | ---- | C] () -- C:\Users\John\Desktop\Unbenannt.jpg
[2012.04.30 18:11:16 | 000,073,307 | ---- | C] () -- C:\Users\John\Desktop\Verhältnisse.jpg
[2011.12.10 20:50:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2011.10.23 14:59:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.03 21:43:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011.08.05 22:19:18 | 000,001,226 | ---- | C] () -- C:\Windows\SplitCam.INI
[2011.07.31 20:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.07.19 21:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.19 21:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.07.19 21:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.07.19 21:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.07.19 21:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.07.19 21:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.07.19 21:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.07.19 21:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.07.19 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.07.19 21:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.07.19 11:12:34 | 000,000,266 | ---- | C] () -- C:\Windows\RenegadeJoiner.ini
[2011.07.17 14:51:51 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.17 14:51:28 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.16 17:24:15 | 000,000,699 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.14 00:35:56 | 000,000,317 | ---- | C] () -- C:\Windows\CoDUO.INI
[2011.07.08 14:21:05 | 000,000,721 | ---- | C] () -- C:\Windows\CoD.INI
[2011.06.13 20:15:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.17 00:22:58 | 000,000,007 | ---- | C] () -- C:\Windows\_nregt.dat
[2011.03.31 21:24:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.31 21:24:11 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.30 17:07:10 | 001,600,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.30 15:41:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.30 15:28:57 | 000,000,032 | ---- | C] () -- C:\Windows\CD_START.INI
[2011.03.30 14:12:09 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.29 23:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2011.08.30 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\3DataManager
[2011.04.07 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2011.08.15 20:21:19 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2011.12.24 14:18:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.18 12:09:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2012.05.29 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FileZilla
[2011.05.08 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\freac
[2011.11.23 20:55:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2012.04.13 15:45:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IrfanView
[2012.02.02 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\NewsLeecher
[2011.03.30 16:07:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2011.03.30 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Red Alert 3
[2011.08.29 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SplitMediaLabs
[2011.09.03 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011.11.13 00:47:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Trillian
[2012.05.27 21:50:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012.05.29 15:48:07 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
[2012.05.29 18:48:06 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
[2012.03.11 13:21:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.27 21:48:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.05.29 13:21:47 | 000,000,000 | ---D | M] -- C:\AMD
[2012.05.27 21:47:10 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.29 22:09:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.30 18:55:44 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.04.13 15:19:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.29 08:52:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.05.27 13:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.03.29 22:09:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.29 22:09:58 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.05.29 19:23:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.29 22:10:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.05.29 08:22:27 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.04.27 16:44:41 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.04.27 16:44:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.04.27 16:44:41 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.04.27 16:44:41 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.04.27 16:44:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.04.27 16:44:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.04.27 16:44:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.04.27 16:44:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.04.27 16:44:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.04.27 16:44:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.04.27 16:44:41 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 994 bytes -> C:\ProgramData\Microsoft:K2Rnp9nkWFFiCmFEObM
@Alternate Data Stream - 1122 bytes -> C:\ProgramData\Microsoft:5gJDQzPVUbcgYJn48yjpFJey

< End of report >


Psychotic 30.05.2012 09:29

CF-Script


Note for other readers:
The following ComboFix script was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the complete text from the following code box into the empty text document.
Code:

DRIVER::
mmfo
nfccu

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Macht der Rechner noch Probleme?

Jojo95 30.05.2012 17:23

I did exactly what you said, but it's back again!

The computer isn't causing any problems though. It has been running fine ever since my friend repaired it and I can't complain :s Do I have something malicious on it after all?! And what was that about Akamai?

Code:

ComboFix 12-05-30.04 - John 30.05.2012  17:56:01.5.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2720 [GMT 2:00]
ausgeführt von:: c:\users\John\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-30  ))))))))))))))))))))))))))))))
.
.
2012-05-30 16:05 . 2012-05-30 16:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-29 06:25 . 2012-05-14 23:41        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA35920F-6C50-41C8-A881-9DFD43A908F4}\mpengine.dll
2012-05-25 15:34 . 2012-05-25 15:45        --------        d-----w-        c:\users\John\AppData\Local\MooExt
2012-05-20 17:37 . 2012-02-23 08:18        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-19 19:36 . 2012-05-19 19:36        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-05-18 16:41 . 2012-05-18 16:47        --------        d-----w-        c:\users\John\.yawcam
2012-05-11 18:31 . 2012-05-11 18:31        --------        d-----w-        c:\users\John\AppData\Local\SplitMediaLabs
2012-05-10 18:54 . 2012-05-10 18:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-10 16:33 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-10 16:33 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-10 16:33 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 16:33 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 16:33 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:33 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 16:32 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 16:32 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 16:32 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 16:32 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 16:32 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:32 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 16:32 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 17:05 . 2012-05-02 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 17:05 . 2012-05-02 17:05        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 17:05 . 2012-05-02 17:05        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 16:29 . 2011-10-16 17:07        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 16:29 . 2011-10-16 17:07        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 17:04 . 2012-04-02 10:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:04 . 2011-05-29 11:38        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:04 . 2012-04-02 11:04        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 14:29 . 2011-07-17 12:51        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-04-04 13:56 . 2011-06-11 18:02        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-25 09:14 . 2012-03-25 09:13        937506065        ----a-w-        C:\FTP-Backup_AllSites_15.03.2012.zip
2012-03-21 12:30 . 2012-03-21 12:31        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-13 17:51 . 2012-03-13 17:51        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:51 . 2012-03-13 17:51        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 17:51 . 2012-03-13 17:51        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:50 . 2012-03-13 17:50        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:50 . 2012-03-13 17:50        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:50 . 2012-03-13 17:50        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:50 . 2012-03-13 17:50        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R0 mmfo;mmfo;c:\windows\system32\drivers\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\windows\system32\drivers\aaxblh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04]
.
2012-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
2012-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
  57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
.
[HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-30  18:08:37
ComboFix-quarantined-files.txt  2012-05-30 16:08
.
Vor Suchlauf: 10 Verzeichnis(se), 74.022.735.872 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 74.548.981.760 Bytes frei
.
- - End Of File - - E97B0D66E4AACB2CCB2CEC2D3FF9E0B9
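
Worked example (added here; it is not ComboFix, OTL, or code from any post in this thread): a small Python triage pass over the two log shapes quoted above. It isolates the pair the helper targeted with `DRIVER::` (mmfo and nfccu: boot-start drivers whose display name merely repeats the service name while the file they load, ukmzyzk.sys / aaxblh.sys, shares nothing with it), checks the header for the `Benutzte Befehlsschalter ::` line that records whether a CFScript was actually consumed (absent from the log above), and pulls out alternate data streams attached to a folder rather than a file, as on C:\ProgramData\Microsoft in the OTL excerpt. The sample log text is constructed to mirror the lines above; the two flagging rules are this example's own heuristics, not documented behaviour of either tool, and the `[x]` bracket field is carried through unchanged rather than interpreted.

```python
"""Triage helpers for ComboFix / OTL log excerpts (added example, not tool code).

The two flags raised here are this example's own assumptions, not rules
documented by ComboFix or OTL:
  * a boot-start driver service (R0/S0) whose display name just repeats the
    service name but whose image file name has no relation to either
  * an alternate data stream attached to a host path without a file
    extension, i.e. most likely a directory rather than a file
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List

# Constructed sample, modelled on the first ComboFix log in the thread.
COMBOFIX_SAMPLE = """\
ComboFix 12-05-30.04 - John 30.05.2012  17:56:01.5.4 - x64
ausgeführt von:: c:\\users\\John\\Desktop\\ComboFix.exe
.
R0 mmfo;mmfo;c:\\windows\\system32\\drivers\\ukmzyzk.sys [x]
R0 nfccu;nfccu;c:\\windows\\system32\\drivers\\aaxblh.sys [x]
R2 SkypeUpdate;Skype Updater;c:\\program files (x86)\\Skype\\Updater\\Updater.exe [2012-05-03 158856]
R4 sptd;sptd;c:\\windows\\\\SystemRoot\\System32\\Drivers\\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\\windows\\System32\\Drivers\\PxHlpa64.sys [x]
S3 amdkmdag;amdkmdag;c:\\windows\\system32\\DRIVERS\\atipmdag.sys [x]
"""

# Constructed sample, modelled on the OTL "Alternate Data Streams" section.
OTL_SAMPLE = """\
========== Alternate Data Streams ==========
@Alternate Data Stream - 994 bytes -> C:\\ProgramData\\Microsoft:K2Rnp9nkWFFiCmFEObM
@Alternate Data Stream - 26 bytes -> C:\\Users\\John\\Downloads\\setup.exe:Zone.Identifier
"""

# "R"/"S" = running/stopped, digit = Start value, then name;display;image [note]
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)\s*$")


@dataclass
class Service:
    running: bool   # R = running, S = stopped
    start: int      # Windows Start value; 0 = boot start
    name: str
    display: str
    image: str
    note: str       # bracket field exactly as printed, e.g. "x" or "2012-05-03 158856"

    @property
    def suspicious(self) -> bool:
        """Heuristic (assumption): boot-start driver, display name is just the
        service name again, and the image file stem matches neither."""
        stem = PureWindowsPath(self.image).stem.lower()
        return (self.start == 0
                and self.name.lower() == self.display.lower()
                and stem != self.name.lower())


def parse_services(log: str) -> List[Service]:
    out: List[Service] = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            out.append(Service(m[1] == "R", int(m[2]), m[3], m[4], m[5], m[6]))
    return out


def suspicious_driver_names(log: str) -> List[str]:
    return [s.name for s in parse_services(log) if s.suspicious]


def cfscript_applied(log: str) -> bool:
    """True if the German-language ComboFix header records a script file
    ("Benutzte Befehlsschalter :: <path>"), the line the helper checked for."""
    return any(l.startswith("Benutzte Befehlsschalter ::") for l in log.splitlines())


@dataclass
class Stream:
    size: int
    host: str
    name: str

    @property
    def on_directory_like_host(self) -> bool:
        # Zone.Identifier on a downloaded .exe is normal mark-of-the-web data; a
        # stream hanging off a path with no extension (a folder) is worth a look.
        return PureWindowsPath(self.host).suffix == ""


def parse_streams(log: str) -> List[Stream]:
    out: List[Stream] = []
    for line in log.splitlines():
        m = ADS_RE.match(line)
        if m:
            out.append(Stream(int(m[1]), m[2], m[3]))
    return out


def odd_streams(log: str) -> List[str]:
    return [f"{s.host}:{s.name}" for s in parse_streams(log) if s.on_directory_like_host]


if __name__ == "__main__":
    print("CFScript applied:", cfscript_applied(COMBOFIX_SAMPLE))
    print("drivers to question:", suspicious_driver_names(COMBOFIX_SAMPLE))
    print("streams to question:", odd_streams(OTL_SAMPLE))
```

Run as-is it reports that no script was consumed (matching the helper's observation about this log), names mmfo and nfccu, and singles out the stream on C:\ProgramData\Microsoft while leaving the ordinary Zone.Identifier stream alone. The name-mismatch rule is a filter for what to investigate next, not a verdict: legitimate drivers can fail it and malware can pass it.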


Psychotic 31.05.2012 07:02

I can't see in the header of the CF log that it used the script!

Please run it again: drag CFScript.txt over combofix.exe until it is highlighted in blue, then release the mouse button!

Jojo95 31.05.2012 16:59

Good catch! Sorry, apparently I was too quick.

Combofix logfile:
Code:

ComboFix 12-05-31.02 - John 31.05.2012  17:27:33.6.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2655 [GMT 2:00]
ausgeführt von:: c:\users\John\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\John\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mmfo
-------\Service_nfccu
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-31 15:44 . 2012-05-31 15:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-25 15:34 . 2012-05-25 15:45        --------        d-----w-        c:\users\John\AppData\Local\MooExt
2012-05-20 17:37 . 2012-02-23 08:18        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-19 19:36 . 2012-05-19 19:36        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-05-18 16:41 . 2012-05-18 16:47        --------        d-----w-        c:\users\John\.yawcam
2012-05-11 18:31 . 2012-05-11 18:31        --------        d-----w-        c:\users\John\AppData\Local\SplitMediaLabs
2012-05-10 18:54 . 2012-05-10 18:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-10 16:33 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-10 16:33 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-10 16:33 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 16:33 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 16:33 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:33 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 16:32 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 16:32 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 16:32 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 16:32 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 16:32 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:32 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 16:32 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 17:05 . 2012-05-02 17:05        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 17:05 . 2012-05-02 17:05        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 17:05 . 2012-05-02 17:05        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 23:41 . 2012-05-29 06:25        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA35920F-6C50-41C8-A881-9DFD43A908F4}\mpengine.dll
2012-05-09 16:29 . 2011-10-16 17:07        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 16:29 . 2011-10-16 17:07        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 17:04 . 2012-04-02 10:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:04 . 2011-05-29 11:38        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:04 . 2012-04-02 11:04        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 14:29 . 2011-07-17 12:51        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-04-04 13:56 . 2011-06-11 18:02        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-25 09:14 . 2012-03-25 09:13        937506065        ----a-w-        C:\FTP-Backup_AllSites_15.03.2012.zip
2012-03-21 12:30 . 2012-03-21 12:31        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-13 17:51 . 2012-03-13 17:51        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:51 . 2012-03-13 17:51        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 17:51 . 2012-03-13 17:51        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:50 . 2012-03-13 17:50        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:50 . 2012-03-13 17:50        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:50 . 2012-03-13 17:50        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:50 . 2012-03-13 17:50        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-04-24 4711744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AUTOWorker"="d:\john\worker\worker.exe" [2012-05-19 1988096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 e2eVAWdm;e2eSoft VAudio;c:\windows\system32\DRIVERS\VAud_WDM.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:04]
.
2012-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001Core.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
2012-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2662835983-198996045-1991720036-1001UA.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 13:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\29pcln6y.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1580277A-4F5E-61BA-30D0-5C805A834D61} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PHPTriad Module: Phorum - c:\windows\system32\GKSUI18.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
  57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:42,a4,2a,4b,e6,f9,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,b5,78,bf,ca,f7,8b,44,b3,9f,69,\
.
[HKEY_USERS\S-1-5-21-2662835983-198996045-1991720036-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:16,d7,e1,2a,5d,7e,27,67,ef,2c,39,d5,0e,91,13,94,49,0a,15,43,45,
  90,97,4f,8b,79,12,64,da,3b,ad,84,c7,af,67,df,fe,e3,67,4a,03,f8,c2,1b,37,cd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-31  17:56:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-31 15:56
ComboFix2.txt  2012-05-30 16:08
.
Vor Suchlauf: 10 Verzeichnis(se), 74.322.386.944 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 73.801.961.472 Bytes frei
.
- - End Of File - - B246EA89FE1BD18896AF4BFF161E69C7

--- --- ---

Psychotic 31.05.2012 17:46

Looks pretty good - let's check everything once more! :)


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the logfile that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".



Step 2: ESET



ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures will be downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Step 3: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Psychotic 03.06.2012 23:08

Hello, do you still need help? If I don't receive an answer from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified about new replies. The disappearance of the symptoms does not mean that your system is already clean.

Psychotic 06.06.2012 07:07

No response
This topic has been removed from my subscriptions. So I no longer receive notifications about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread.


All times are WEZ +1. The time now is 11:49.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.
