Trojaner-Board - EXP/CVE-2010-0840.FL

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - EXP/CVE-2010-0840.FL - Virus losgeworden? (https://www.trojaner-board.de/111088-exp-cve-2010-0840-fl-virus-losgeworden.html)

Sodele. Einmal im normalen Modus:

Code:

OTL logfile created on: 08.03.2012 20:36:19 - Run 2

OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\Ragey\Desktop

64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,69% Memory free

8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 55,80 Gb Total Space | 18,06 Gb Free Space | 32,37% Space Free | Partition Type: NTFS

Drive E: | 29,29 Gb Total Space | 14,63 Gb Free Space | 49,93% Space Free | Partition Type: NTFS

Drive F: | 566,88 Gb Total Space | 60,48 Gb Free Space | 10,67% Space Free | Partition Type: NTFS

Drive M: | 732,42 Gb Total Space | 173,06 Gb Free Space | 23,63% Space Free | Partition Type: NTFS

Drive S: | 199,09 Gb Total Space | 134,03 Gb Free Space | 67,32% Space Free | Partition Type: NTFS

 

Computer Name: BANANANA | User Name: Ragey | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.08 15:45:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe

PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.03.06 02:22:48 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010.03.06 02:17:42 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2009.09.15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

PRC - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe

PRC - [2007.07.18 09:19:02 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.12.08 15:50:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009.11.30 18:53:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

MOD - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe

MOD - [2006.06.09 19:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2012.02.26 21:28:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.02.27 12:12:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)

SRV - [2011.02.27 12:12:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010.11.15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.09.13 11:40:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.09.13 11:40:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.02.28 16:33:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.02.27 11:59:52 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010.11.02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010.10.25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010.10.25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010.03.06 03:53:22 | 001,561,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010.03.06 03:53:08 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010.03.06 03:53:00 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010.03.06 03:52:52 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010.03.06 03:52:44 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010.03.06 03:52:36 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2010.03.06 03:52:26 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2009.05.20 10:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01  [binary data]

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.05 11:37:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.08 21:43:13 | 000,000,000 | ---D | M]

 

[2011.02.27 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Extensions

[2012.03.05 11:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Firefox\Profiles\f66f7kgp.default\extensions

[2011.03.09 11:06:05 | 000,001,180 | ---- | M] () -- C:\Users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\searchplugins\urban-dictionary.xml

[2012.03.05 11:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

() (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI

[2012.03.05 11:37:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.02.27 16:57:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.05 11:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.05 11:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.03.05 11:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.05 11:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.05 11:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.05 11:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.02.28 16:29:20 | 000,001,163 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [7 Taskbar Tweaker] C:\Program Files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe ()

O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [DeskSave] C:\Program Files (x86)\Desksave\DeskSave.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{233C1A0D-6BF9-4BBE-8E72-BA6E811792E4}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4D7CB59-27AE-47B1-B48D-DDA81DBB2813}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - Unable to obtain root file information for disk E:\

O32 - Unable to obtain root file information for disk F:\

O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun

O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.08 15:45:54 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe

[2012.03.08 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.03.06 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\Malwarebytes

[2012.03.06 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.06 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.06 19:09:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.06 19:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.03.06 19:08:59 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ragey\Desktop\mbam-setup-1.60.1.1000.exe

[2012.03.05 21:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.03.05 21:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.03.05 21:35:07 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Ragey\Desktop\ccsetup316.exe

[2012.03.05 11:24:15 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Ragey\Desktop\procexp.exe

[2012.03.05 11:24:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ragey\Desktop\HiJackThis204.exe

[2012.03.04 22:02:35 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012.03.04 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\TeamViewer

[2012.03.04 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\Opera

[2012.03.03 11:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine

[2012.02.28 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

[2012.02.25 13:31:59 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\MusikG

[2012.02.18 15:59:25 | 000,000,000 | ---D | C] -- C:\BDS

[2012.02.12 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\120210_Testkali

[2012.02.12 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\KalibrierSerieFertig2 - Kopie

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.08 19:58:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.08 19:58:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.08 19:57:14 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.08 19:57:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.08 19:57:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.08 19:57:14 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.08 19:57:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.08 19:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.08 19:50:11 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.08 15:45:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe

[2012.03.07 20:50:16 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2012.03.07 20:50:16 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2012.03.07 20:50:16 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx

[2012.03.06 19:09:40 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.06 19:09:05 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ragey\Desktop\mbam-setup-1.60.1.1000.exe

[2012.03.06 18:15:51 | 004,989,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.05 21:35:39 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.03.05 20:53:35 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Ragey\Desktop\ccsetup316.exe

[2012.03.05 11:35:24 | 000,236,732 | ---- | M] () -- C:\Users\Ragey\Desktop\bookmarks-2012-03-05.json

[2012.03.05 11:15:07 | 001,857,786 | ---- | M] () -- C:\Users\Ragey\Desktop\Process1513Explorer.zip

[2012.03.05 11:10:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ragey\Desktop\HiJackThis204.exe

[2012.03.04 21:51:53 | 000,632,600 | ---- | M] () -- C:\Users\Ragey\Desktop\Unbenannt.png

[2012.03.04 21:48:33 | 000,048,623 | ---- | M] () -- C:\Users\Ragey\Desktop\md5check.zip

[2012.03.01 19:06:41 | 000,057,023 | ---- | M] () -- C:\Users\Ragey\Desktop\9d9e83ad-8fbf-426b-9d9f-2384c40c3fbd.jpg

[2012.02.23 10:18:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012.02.23 10:18:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012.02.19 17:12:59 | 000,001,094 | ---- | M] () -- C:\Users\Ragey\Desktop\***** ** **** *.lnk

[2012.02.14 13:10:12 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Ragey\Desktop\procexp.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.08 12:08:41 | 000,002,090 | ---- | C] () -- C:\Users\Ragey\Desktop\AntiVir starten.lnk

[2012.03.06 19:09:40 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.06 18:15:38 | 004,989,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.05 21:35:39 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.03.05 11:35:24 | 000,236,732 | ---- | C] () -- C:\Users\Ragey\Desktop\bookmarks-2012-03-05.json

[2012.03.05 11:24:15 | 000,072,268 | ---- | C] () -- C:\Users\Ragey\Desktop\procexp.chm

[2012.03.05 11:24:05 | 001,857,786 | ---- | C] () -- C:\Users\Ragey\Desktop\Process1513Explorer.zip

[2012.03.05 11:24:05 | 000,048,623 | ---- | C] () -- C:\Users\Ragey\Desktop\md5check.zip

[2012.03.04 21:51:52 | 000,632,600 | ---- | C] () -- C:\Users\Ragey\Desktop\Unbenannt.png

[2012.03.01 19:06:41 | 000,057,023 | ---- | C] () -- C:\Users\Ragey\Desktop\9d9e83ad-8fbf-426b-9d9f-2384c40c3fbd.jpg

[2012.02.23 10:18:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012.02.23 10:18:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012.02.19 17:12:59 | 000,001,094 | ---- | C] () -- C:\Users\Ragey\Desktop\***** ** **** *.lnk

[2012.01.29 13:30:58 | 000,000,132 | ---- | C] () -- C:\Users\Ragey\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.05.30 12:37:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT

[2011.05.23 11:39:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2011.05.20 17:51:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2011.05.16 13:56:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.03.04 12:29:55 | 000,007,597 | ---- | C] () -- C:\Users\Ragey\AppData\Local\Resmon.ResmonCfg

[2011.03.03 13:58:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble

[2011.03.03 13:58:14 | 000,000,268 | RH-- | C] () -- C:\Users\Ragey\AppData\Roaming\Static Library

[2011.03.03 13:58:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2011.02.28 18:55:40 | 000,000,132 | ---- | C] () -- C:\Users\Ragey\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011.02.27 22:16:50 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011.02.27 22:16:50 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.02.27 22:16:49 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011.02.27 22:16:49 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011.02.27 12:13:05 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011.02.27 12:13:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.02.27 12:12:48 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2011.02.27 12:12:48 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2011.02.27 12:12:48 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2011.02.27 12:12:48 | 000,021,164 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2011.02.27 12:12:48 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[2011.02.27 12:12:48 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2011.02.27 12:12:48 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll

[2011.02.27 12:12:48 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2011.02.27 12:12:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2011.02.27 12:12:38 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL

[2011.02.27 11:55:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

 
 ========== LOP Check ==========

 

[2012.03.03 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine

[2011.03.03 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Canneverbe Limited

[2011.12.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Cinebook

[2012.03.05 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DAEMON Tools Lite

[2011.09.14 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DelinvFile

[2012.02.15 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Dropbox

[2011.03.03 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Nikon

[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Opera

[2011.09.11 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\runic games

[2011.12.11 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\SaalDesignSoftware

[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\TeamViewer

[2012.01.28 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Trine2

[2012.02.07 16:45:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.06 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Adobe

[2011.03.01 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Avira

[2012.03.03 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine

[2011.03.03 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Canneverbe Limited

[2011.12.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Cinebook

[2012.03.05 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DAEMON Tools Lite

[2011.09.14 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DelinvFile

[2012.02.15 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Dropbox

[2011.09.18 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\dvdcss

[2011.03.03 16:35:01 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\FastStone

[2012.03.04 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Identities

[2011.02.27 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\InstallShield

[2011.02.28 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Macromedia

[2012.03.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Media Center Programs

[2011.07.07 17:00:17 | 000,000,000 | --SD | M] -- C:\Users\Ragey\AppData\Roaming\Microsoft

[2011.02.27 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Mozilla

[2011.03.03 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Nikon

[2011.10.19 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\NVIDIA

[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Opera

[2011.09.11 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\runic games

[2011.12.11 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\SaalDesignSoftware

[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\TeamViewer

[2012.01.28 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Trine2

[2012.02.12 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\vlc

[2012.03.05 21:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Winamp

[2011.02.27 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\WinRAR

[2011.02.28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\WTablet

 
 < %APPDATA%\*.exe /s >

[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ragey\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.12.05 20:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ragey\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.12.05 16:06:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ragey\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.05.30 12:37:48 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Ragey\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01  [binary data]

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O32 - HKLM CDRom: AutoRun - 1

O32 - Unable to obtain root file information for disk E:\

O32 - Unable to obtain root file information for disk F:\

O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun

O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe

:Files

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Reicht es da, wenn der Antivir Guard deaktiviert ist, oder darf gar keine Instanz von Antivir laufen?
Und der Fund von ESET, muss ich da auch noch irgendwas separat löschen? Entschuldige, wenn ich voreilige Fragen stelle :/
Ich muss jetzt leider langsam Schluss machen, morgen früh ruft die Arbeit. Ich mache dann an der Stelle morgen nachmittag weiter.
Aber schonmal vielen Dank für die Zeit, die du heute erübrigt hast. Gute Nacht! :)

Nein das ist schon so ok, hab den Fund von ESET noch mit ins Script aufgenommen. Es reicht wenn du AntiVir deaktivierst

Morgen! Habs gerade noch schnell laufen lassen:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File  not found.

File  not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.

File G:\Setup.exe not found.

========== FILES ==========

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Ragey

->Temp folder emptied: 109568 bytes

->Temporary Internet Files folder emptied: 824648 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49450407 bytes

->Flash cache emptied: 56967 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 512000 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes

RecycleBin emptied: 4644368 bytes

 

Total Files Cleaned = 98,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.36.1 log created on 03092012_072804
 

Files\Folders moved on Reboot...

C:\Users\Ragey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Ragey\AppData\Local\Temp\stt471D.tmp not found!
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Okay, wieder am PC und mit TDSS-Killer gescannt: Hat nichts bemängelt.

Edit: Hatte den ersten Scan nicht als Admin ausgeführt, aber am Ergebnis hat sich nichts geändert

Code:

16:55:16.0325 3792        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39

16:55:16.0435 3792        ============================================================

16:55:16.0435 3792        Current date / time: 2012/03/09 16:55:16.0435

16:55:16.0435 3792        SystemInfo:

16:55:16.0435 3792        

16:55:16.0435 3792        OS Version: 6.1.7600 ServicePack: 0.0

16:55:16.0435 3792        Product type: Workstation

16:55:16.0435 3792        ComputerName: BANANANA

16:55:16.0435 3792        UserName: Ragey

16:55:16.0435 3792        Windows directory: C:\Windows

16:55:16.0435 3792        System windows directory: C:\Windows

16:55:16.0435 3792        Running under WOW64

16:55:16.0435 3792        Processor architecture: Intel x64

16:55:16.0435 3792        Number of processors: 4

16:55:16.0435 3792        Page size: 0x1000

16:55:16.0435 3792        Boot type: Normal boot

16:55:16.0435 3792        ============================================================

16:55:16.0653 3792        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:55:16.0653 3792        Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x6B98, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

16:55:16.0653 3792        Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:55:16.0669 3792        \Device\Harddisk0\DR0:

16:55:16.0669 3792        MBR used

16:55:16.0669 3792        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x46DC0B92

16:55:16.0669 3792        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x46DC0BD1, BlocksNum 0x3A962F0

16:55:16.0669 3792        \Device\Harddisk1\DR1:

16:55:16.0669 3792        MBR used

16:55:16.0669 3792        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800

16:55:16.0669 3792        \Device\Harddisk2\DR2:

16:55:16.0669 3792        MBR used

16:55:16.0669 3792        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18E2D800

16:55:16.0669 3792        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x18E2E000, BlocksNum 0x5B8D7800

16:55:16.0715 3792        Initialize success

16:55:16.0715 3792        ============================================================

16:55:21.0645 3632        ============================================================

16:55:21.0645 3632        Scan started

16:55:21.0645 3632        Mode: Manual; SigCheck; TDLFS; 

16:55:21.0645 3632        ============================================================

16:55:21.0801 3632        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

16:55:21.0832 3632        1394ohci - ok

16:55:21.0863 3632        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

16:55:21.0879 3632        ACPI - ok

16:55:21.0895 3632        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

16:55:21.0910 3632        AcpiPmi - ok

16:55:21.0926 3632        ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys

16:55:21.0941 3632        ADIHdAudAddService - ok

16:55:21.0957 3632        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:55:21.0973 3632        adp94xx - ok

16:55:21.0988 3632        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:55:22.0004 3632        adpahci - ok

16:55:22.0019 3632        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:55:22.0035 3632        adpu320 - ok

16:55:22.0066 3632        AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

16:55:22.0082 3632        AFD - ok

16:55:22.0097 3632        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

16:55:22.0113 3632        agp440 - ok

16:55:22.0129 3632        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

16:55:22.0129 3632        aliide - ok

16:55:22.0144 3632        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

16:55:22.0160 3632        amdide - ok

16:55:22.0175 3632        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:55:22.0175 3632        AmdK8 - ok

16:55:22.0191 3632        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:55:22.0207 3632        AmdPPM - ok

16:55:22.0222 3632        amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

16:55:22.0238 3632        amdsata - ok

16:55:22.0253 3632        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:55:22.0269 3632        amdsbs - ok

16:55:22.0285 3632        amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

16:55:22.0285 3632        amdxata - ok

16:55:22.0300 3632        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

16:55:22.0316 3632        AppID - ok

16:55:22.0347 3632        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:55:22.0347 3632        arc - ok

16:55:22.0363 3632        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:55:22.0378 3632        arcsas - ok

16:55:22.0378 3632        AsIO - ok

16:55:22.0394 3632        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:55:22.0425 3632        AsyncMac - ok

16:55:22.0441 3632        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

16:55:22.0456 3632        atapi - ok

16:55:22.0472 3632        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

16:55:22.0487 3632        avgntflt - ok

16:55:22.0503 3632        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

16:55:22.0503 3632        avipbb - ok

16:55:22.0534 3632        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:55:22.0550 3632        b06bdrv - ok

16:55:22.0565 3632        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:55:22.0581 3632        b57nd60a - ok

16:55:22.0597 3632        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:55:22.0628 3632        Beep - ok

16:55:22.0643 3632        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:55:22.0659 3632        blbdrive - ok

16:55:22.0675 3632        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

16:55:22.0690 3632        bowser - ok

16:55:22.0706 3632        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:55:22.0721 3632        BrFiltLo - ok

16:55:22.0721 3632        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:55:22.0737 3632        BrFiltUp - ok

16:55:22.0768 3632        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:55:22.0768 3632        Brserid - ok

16:55:22.0784 3632        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:55:22.0799 3632        BrSerWdm - ok

16:55:22.0815 3632        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:55:22.0831 3632        BrUsbMdm - ok

16:55:22.0846 3632        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:55:22.0862 3632        BrUsbSer - ok

16:55:22.0877 3632        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:55:22.0893 3632        BTHMODEM - ok

16:55:22.0909 3632        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:55:22.0940 3632        cdfs - ok

16:55:22.0955 3632        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

16:55:22.0971 3632        cdrom - ok

16:55:22.0987 3632        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:55:23.0002 3632        circlass - ok

16:55:23.0018 3632        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:55:23.0033 3632        CLFS - ok

16:55:23.0049 3632        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:55:23.0065 3632        CmBatt - ok

16:55:23.0080 3632        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

16:55:23.0080 3632        cmdide - ok

16:55:23.0111 3632        CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

16:55:23.0127 3632        CNG - ok

16:55:23.0143 3632        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:55:23.0143 3632        Compbatt - ok

16:55:23.0158 3632        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:55:23.0174 3632        CompositeBus - ok

16:55:23.0189 3632        cpuz130 - ok

16:55:23.0205 3632        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:55:23.0205 3632        crcdisk - ok

16:55:23.0236 3632        CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

16:55:23.0252 3632        CSC - ok

16:55:23.0267 3632        CT20XUT         (0c87302db0f22d7be38be41c86551d26) C:\Windows\system32\drivers\CT20XUT.SYS

16:55:23.0283 3632        CT20XUT - ok

16:55:23.0299 3632        CT20XUT.SYS     (0c87302db0f22d7be38be41c86551d26) C:\Windows\System32\drivers\CT20XUT.SYS

16:55:23.0314 3632        CT20XUT.SYS - ok

16:55:23.0330 3632        ctac32k         (a2608d16bc13d6e7edf5d802b4991700) C:\Windows\system32\drivers\ctac32k.sys

16:55:23.0345 3632        ctac32k - ok

16:55:23.0377 3632        ctaud2k         (0316ef9a21f59614fc95f38b3c1d7426) C:\Windows\system32\drivers\ctaud2k.sys

16:55:23.0392 3632        ctaud2k - ok

16:55:23.0423 3632        CTEXFIFX        (1b13dd29d40ba2ca15d8b6dc5988be05) C:\Windows\system32\drivers\CTEXFIFX.SYS

16:55:23.0439 3632        CTEXFIFX - ok

16:55:23.0486 3632        CTEXFIFX.SYS    (1b13dd29d40ba2ca15d8b6dc5988be05) C:\Windows\System32\drivers\CTEXFIFX.SYS

16:55:23.0501 3632        CTEXFIFX.SYS - ok

16:55:23.0517 3632        CTHWIUT         (0e336585373a7fd8e4cf8c1daa3848ec) C:\Windows\system32\drivers\CTHWIUT.SYS

16:55:23.0533 3632        CTHWIUT - ok

16:55:23.0548 3632        CTHWIUT.SYS     (0e336585373a7fd8e4cf8c1daa3848ec) C:\Windows\System32\drivers\CTHWIUT.SYS

16:55:23.0548 3632        CTHWIUT.SYS - ok

16:55:23.0564 3632        ctprxy2k        (123637593035dc8f379f8c8940a3eaf4) C:\Windows\system32\drivers\ctprxy2k.sys

16:55:23.0579 3632        ctprxy2k - ok

16:55:23.0595 3632        ctsfm2k         (a0f9d7b87d3589e21abba956548fa574) C:\Windows\system32\drivers\ctsfm2k.sys

16:55:23.0595 3632        ctsfm2k - ok

16:55:23.0626 3632        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

16:55:23.0626 3632        DfsC - ok

16:55:23.0642 3632        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:55:23.0673 3632        discache - ok

16:55:23.0689 3632        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:55:23.0704 3632        Disk - ok

16:55:23.0720 3632        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

16:55:23.0735 3632        Dot4 - ok

16:55:23.0751 3632        Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys

16:55:23.0767 3632        Dot4Print - ok

16:55:23.0782 3632        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

16:55:23.0798 3632        dot4usb - ok

16:55:23.0813 3632        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:55:23.0829 3632        drmkaud - ok

16:55:23.0845 3632        dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

16:55:23.0860 3632        dtsoftbus01 - ok

16:55:23.0876 3632        DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

16:55:23.0907 3632        DXGKrnl - ok

16:55:23.0969 3632        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:55:24.0016 3632        ebdrv - ok

16:55:24.0032 3632        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:55:24.0063 3632        elxstor - ok

16:55:24.0079 3632        emupia          (f525c6f6ff32744575c76d06606c8466) C:\Windows\system32\drivers\emupia2k.sys

16:55:24.0079 3632        emupia - ok

16:55:24.0094 3632        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

16:55:24.0110 3632        ErrDev - ok

16:55:24.0125 3632        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:55:24.0157 3632        exfat - ok

16:55:24.0172 3632        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:55:24.0203 3632        fastfat - ok

16:55:24.0219 3632        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:55:24.0235 3632        fdc - ok

16:55:24.0250 3632        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:55:24.0266 3632        FileInfo - ok

16:55:24.0281 3632        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:55:24.0313 3632        Filetrace - ok

16:55:24.0328 3632        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:55:24.0344 3632        flpydisk - ok

16:55:24.0359 3632        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

16:55:24.0375 3632        FltMgr - ok

16:55:24.0391 3632        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:55:24.0406 3632        FsDepends - ok

16:55:24.0406 3632        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

16:55:24.0422 3632        Fs_Rec - ok

16:55:24.0437 3632        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

16:55:24.0453 3632        fvevol - ok

16:55:24.0469 3632        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:55:24.0484 3632        gagp30kx - ok

16:55:24.0515 3632        ha20x2k         (52c2aa23c3931f699d647c80cb5c6ed5) C:\Windows\system32\drivers\ha20x2k.sys

16:55:24.0547 3632        ha20x2k - ok

16:55:24.0578 3632        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:55:24.0578 3632        hcw85cir - ok

16:55:24.0609 3632        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

16:55:24.0625 3632        HdAudAddService - ok

16:55:24.0640 3632        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:55:24.0656 3632        HDAudBus - ok

16:55:24.0671 3632        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:55:24.0671 3632        HidBatt - ok

16:55:24.0687 3632        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:55:24.0703 3632        HidBth - ok

16:55:24.0718 3632        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:55:24.0734 3632        HidIr - ok

16:55:24.0749 3632        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

16:55:24.0765 3632        HidUsb - ok

16:55:24.0781 3632        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:55:24.0796 3632        HpSAMD - ok

16:55:24.0827 3632        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

16:55:24.0859 3632        HTTP - ok

16:55:24.0874 3632        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

16:55:24.0890 3632        hwpolicy - ok

16:55:24.0905 3632        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

16:55:24.0905 3632        i8042prt - ok

16:55:24.0937 3632        iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

16:55:24.0952 3632        iaStorV - ok

16:55:24.0968 3632        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:55:24.0968 3632        iirsp - ok

16:55:24.0999 3632        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

16:55:24.0999 3632        intelide - ok

16:55:25.0015 3632        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:55:25.0030 3632        intelppm - ok

16:55:25.0046 3632        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:55:25.0077 3632        IpFilterDriver - ok

16:55:25.0093 3632        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:55:25.0108 3632        IPMIDRV - ok

16:55:25.0124 3632        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:55:25.0155 3632        IPNAT - ok

16:55:25.0171 3632        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:55:25.0186 3632        IRENUM - ok

16:55:25.0202 3632        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

16:55:25.0217 3632        isapnp - ok

16:55:25.0233 3632        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

16:55:25.0249 3632        iScsiPrt - ok

16:55:25.0264 3632        JRAID           (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys

16:55:25.0264 3632        JRAID - ok

16:55:25.0280 3632        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:55:25.0295 3632        kbdclass - ok

16:55:25.0311 3632        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

16:55:25.0311 3632        kbdhid - ok

16:55:25.0327 3632        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

16:55:25.0342 3632        KSecDD - ok

16:55:25.0358 3632        KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

16:55:25.0373 3632        KSecPkg - ok

16:55:25.0389 3632        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:55:25.0420 3632        ksthunk - ok

16:55:25.0436 3632        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:55:25.0467 3632        lltdio - ok

16:55:25.0498 3632        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:55:25.0498 3632        LSI_FC - ok

16:55:25.0514 3632        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:55:25.0529 3632        LSI_SAS - ok

16:55:25.0545 3632        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:55:25.0561 3632        LSI_SAS2 - ok

16:55:25.0576 3632        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:55:25.0576 3632        LSI_SCSI - ok

16:55:25.0592 3632        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:55:25.0639 3632        luafv - ok

16:55:25.0654 3632        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

16:55:25.0654 3632        megasas - ok

16:55:25.0670 3632        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

16:55:25.0685 3632        MegaSR - ok

16:55:25.0701 3632        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:55:25.0748 3632        Modem - ok

16:55:25.0748 3632        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:55:25.0763 3632        monitor - ok

16:55:25.0779 3632        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:55:25.0795 3632        mouclass - ok

16:55:25.0810 3632        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:55:25.0826 3632        mouhid - ok

16:55:25.0841 3632        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

16:55:25.0857 3632        mountmgr - ok

16:55:25.0873 3632        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

16:55:25.0873 3632        mpio - ok

16:55:25.0888 3632        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:55:25.0919 3632        mpsdrv - ok

16:55:25.0951 3632        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

16:55:25.0966 3632        MRxDAV - ok

16:55:25.0982 3632        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:55:25.0982 3632        mrxsmb - ok

16:55:26.0013 3632        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:55:26.0013 3632        mrxsmb10 - ok

16:55:26.0044 3632        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:55:26.0044 3632        mrxsmb20 - ok

16:55:26.0060 3632        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

16:55:26.0075 3632        msahci - ok

16:55:26.0091 3632        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

16:55:26.0107 3632        msdsm - ok

16:55:26.0122 3632        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:55:26.0153 3632        Msfs - ok

16:55:26.0169 3632        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:55:26.0200 3632        mshidkmdf - ok

16:55:26.0216 3632        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

16:55:26.0216 3632        msisadrv - ok

16:55:26.0231 3632        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:55:26.0278 3632        MSKSSRV - ok

16:55:26.0278 3632        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:55:26.0309 3632        MSPCLOCK - ok

16:55:26.0325 3632        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:55:26.0356 3632        MSPQM - ok

16:55:26.0387 3632        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

16:55:26.0403 3632        MsRPC - ok

16:55:26.0419 3632        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

16:55:26.0419 3632        mssmbios - ok

16:55:26.0434 3632        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:55:26.0465 3632        MSTEE - ok

16:55:26.0481 3632        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

16:55:26.0497 3632        MTConfig - ok

16:55:26.0512 3632        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

16:55:26.0512 3632        MTsensor - ok

16:55:26.0528 3632        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:55:26.0543 3632        Mup - ok

16:55:26.0559 3632        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:55:26.0575 3632        NativeWifiP - ok

16:55:26.0606 3632        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

16:55:26.0637 3632        NDIS - ok

16:55:26.0653 3632        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:55:26.0684 3632        NdisCap - ok

16:55:26.0699 3632        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:55:26.0731 3632        NdisTapi - ok

16:55:26.0746 3632        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

16:55:26.0777 3632        Ndisuio - ok

16:55:26.0793 3632        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:55:26.0840 3632        NdisWan - ok

16:55:26.0840 3632        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

16:55:26.0887 3632        NDProxy - ok

16:55:26.0902 3632        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:55:26.0933 3632        NetBIOS - ok

16:55:26.0949 3632        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

16:55:26.0980 3632        NetBT - ok

16:55:26.0996 3632        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

16:55:27.0011 3632        nfrd960 - ok

16:55:27.0043 3632        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:55:27.0074 3632        Npfs - ok

16:55:27.0089 3632        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:55:27.0121 3632        nsiproxy - ok

16:55:27.0152 3632        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

16:55:27.0183 3632        Ntfs - ok

16:55:27.0199 3632        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:55:27.0230 3632        Null - ok

16:55:27.0261 3632        NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

16:55:27.0261 3632        NVHDA - ok

16:55:27.0495 3632        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:55:27.0667 3632        nvlddmkm - ok

16:55:27.0682 3632        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

16:55:27.0698 3632        nvraid - ok

16:55:27.0713 3632        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

16:55:27.0729 3632        nvstor - ok

16:55:27.0745 3632        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

16:55:27.0760 3632        nv_agp - ok

16:55:27.0776 3632        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

16:55:27.0791 3632        ohci1394 - ok

16:55:27.0807 3632        ossrv           (63a9d079b05207203707a909464a78fd) C:\Windows\system32\drivers\ctoss2k.sys

16:55:27.0807 3632        ossrv - ok

16:55:27.0838 3632        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:55:27.0838 3632        Parport - ok

16:55:27.0854 3632        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

16:55:27.0869 3632        partmgr - ok

16:55:27.0885 3632        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

16:55:27.0901 3632        pci - ok

16:55:27.0916 3632        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

16:55:27.0932 3632        pciide - ok

16:55:27.0947 3632        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:55:27.0947 3632        pcmcia - ok

16:55:27.0963 3632        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:55:27.0979 3632        pcw - ok

16:55:28.0010 3632        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:55:28.0041 3632        PEAUTH - ok

16:55:28.0088 3632        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

16:55:28.0119 3632        PptpMiniport - ok

16:55:28.0135 3632        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:55:28.0150 3632        Processor - ok

16:55:28.0166 3632        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

16:55:28.0197 3632        Psched - ok

16:55:28.0228 3632        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:55:28.0259 3632        ql2300 - ok

16:55:28.0275 3632        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:55:28.0291 3632        ql40xx - ok

16:55:28.0306 3632        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:55:28.0322 3632        QWAVEdrv - ok

16:55:28.0337 3632        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:55:28.0369 3632        RasAcd - ok

16:55:28.0384 3632        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:55:28.0415 3632        RasAgileVpn - ok

16:55:28.0431 3632        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:55:28.0462 3632        Rasl2tp - ok

16:55:28.0478 3632        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:55:28.0525 3632        RasPppoe - ok

16:55:28.0540 3632        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:55:28.0571 3632        RasSstp - ok

16:55:28.0587 3632        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

16:55:28.0618 3632        rdbss - ok

16:55:28.0634 3632        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:55:28.0649 3632        rdpbus - ok

16:55:28.0665 3632        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:55:28.0696 3632        RDPCDD - ok

16:55:28.0712 3632        RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

16:55:28.0727 3632        RDPDR - ok

16:55:28.0743 3632        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:55:28.0774 3632        RDPENCDD - ok

16:55:28.0790 3632        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:55:28.0821 3632        RDPREFMP - ok

16:55:28.0837 3632        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

16:55:28.0868 3632        RDPWD - ok

16:55:28.0899 3632        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

16:55:28.0899 3632        rdyboost - ok

16:55:28.0930 3632        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:55:28.0961 3632        rspndr - ok

16:55:28.0977 3632        s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

16:55:28.0993 3632        s3cap - ok

16:55:29.0008 3632        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

16:55:29.0008 3632        sbp2port - ok

16:55:29.0039 3632        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

16:55:29.0071 3632        scfilter - ok

16:55:29.0086 3632        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:55:29.0117 3632        secdrv - ok

16:55:29.0133 3632        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:55:29.0149 3632        Serenum - ok

16:55:29.0164 3632        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:55:29.0180 3632        Serial - ok

16:55:29.0195 3632        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:55:29.0195 3632        sermouse - ok

16:55:29.0227 3632        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

16:55:29.0242 3632        sffdisk - ok

16:55:29.0258 3632        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

16:55:29.0273 3632        sffp_mmc - ok

16:55:29.0289 3632        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:55:29.0289 3632        sffp_sd - ok

16:55:29.0305 3632        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:55:29.0320 3632        sfloppy - ok

16:55:29.0336 3632        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:55:29.0351 3632        SiSRaid2 - ok

16:55:29.0367 3632        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:55:29.0383 3632        SiSRaid4 - ok

16:55:29.0398 3632        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:55:29.0429 3632        Smb - ok

16:55:29.0445 3632        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:55:29.0461 3632        spldr - ok

16:55:29.0476 3632        srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

16:55:29.0492 3632        srv - ok

16:55:29.0523 3632        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

16:55:29.0523 3632        srv2 - ok

16:55:29.0554 3632        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

16:55:29.0554 3632        srvnet - ok

16:55:29.0632 3632        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:55:29.0632 3632        stexstor - ok

16:55:29.0648 3632        storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:55:29.0663 3632        storflt - ok

16:55:29.0679 3632        storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

16:55:29.0695 3632        storvsc - ok

16:55:29.0710 3632        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

16:55:29.0710 3632        swenum - ok

16:55:29.0773 3632        Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

16:55:29.0804 3632        Tcpip - ok

16:55:29.0851 3632        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

16:55:29.0882 3632        TCPIP6 - ok

16:55:29.0897 3632        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

16:55:29.0929 3632        tcpipreg - ok

16:55:29.0944 3632        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:55:29.0976 3632        TDPIPE - ok

16:55:29.0991 3632        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:55:30.0022 3632        TDTCP - ok

16:55:30.0038 3632        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

16:55:30.0069 3632        tdx - ok

16:55:30.0085 3632        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

16:55:30.0100 3632        TermDD - ok

16:55:30.0132 3632        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:55:30.0163 3632        tssecsrv - ok

16:55:30.0178 3632        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

16:55:30.0210 3632        tunnel - ok

16:55:30.0225 3632        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:55:30.0241 3632        uagp35 - ok

16:55:30.0256 3632        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

16:55:30.0288 3632        udfs - ok

16:55:30.0303 3632        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:55:30.0319 3632        uliagpkx - ok

16:55:30.0334 3632        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

16:55:30.0350 3632        umbus - ok

16:55:30.0366 3632        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:55:30.0366 3632        UmPass - ok

16:55:30.0397 3632        usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

16:55:30.0412 3632        usbccgp - ok

16:55:30.0428 3632        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

16:55:30.0444 3632        usbcir - ok

16:55:30.0459 3632        usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

16:55:30.0459 3632        usbehci - ok

16:55:30.0490 3632        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

16:55:30.0506 3632        usbhub - ok

16:55:30.0522 3632        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

16:55:30.0522 3632        usbohci - ok

16:55:30.0537 3632        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:55:30.0553 3632        usbprint - ok

16:55:30.0568 3632        USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:55:30.0584 3632        USBSTOR - ok

16:55:30.0600 3632        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

16:55:30.0615 3632        usbuhci - ok

16:55:30.0631 3632        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:55:30.0646 3632        vdrvroot - ok

16:55:30.0662 3632        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:55:30.0678 3632        vga - ok

16:55:30.0693 3632        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:55:30.0724 3632        VgaSave - ok

16:55:30.0740 3632        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

16:55:30.0756 3632        vhdmp - ok

16:55:30.0771 3632        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

16:55:30.0771 3632        viaide - ok

16:55:30.0787 3632        vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

16:55:30.0802 3632        vmbus - ok

16:55:30.0818 3632        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:55:30.0834 3632        VMBusHID - ok

16:55:30.0849 3632        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

16:55:30.0865 3632        volmgr - ok

16:55:30.0880 3632        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

16:55:30.0896 3632        volmgrx - ok

16:55:30.0912 3632        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

16:55:30.0927 3632        volsnap - ok

16:55:30.0943 3632        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:55:30.0958 3632        vsmraid - ok

16:55:30.0974 3632        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

16:55:30.0990 3632        vwifibus - ok

16:55:31.0005 3632        wacmoumonitor   (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

16:55:31.0005 3632        wacmoumonitor - ok

16:55:31.0021 3632        wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

16:55:31.0036 3632        wacommousefilter - ok

16:55:31.0052 3632        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:55:31.0068 3632        WacomPen - ok

16:55:31.0083 3632        wacomvhid       (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys

16:55:31.0083 3632        wacomvhid - ok

16:55:31.0099 3632        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:55:31.0130 3632        WANARP - ok

16:55:31.0130 3632        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:55:31.0177 3632        Wanarpv6 - ok

16:55:31.0192 3632        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:55:31.0208 3632        Wd - ok

16:55:31.0224 3632        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:55:31.0239 3632        Wdf01000 - ok

16:55:31.0270 3632        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:55:31.0302 3632        WfpLwf - ok

16:55:31.0317 3632        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:55:31.0333 3632        WIMMount - ok

16:55:31.0348 3632        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

16:55:31.0364 3632        WinUsb - ok

16:55:31.0380 3632        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:55:31.0395 3632        WmiAcpi - ok

16:55:31.0411 3632        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:55:31.0458 3632        ws2ifsl - ok

16:55:31.0473 3632        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

16:55:31.0504 3632        WudfPf - ok

16:55:31.0520 3632        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:55:31.0551 3632        WUDFRd - ok

16:55:31.0582 3632        xusb21          (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys

16:55:31.0582 3632        xusb21 - ok

16:55:31.0614 3632        yukonw7         (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys

16:55:31.0629 3632        yukonw7 - ok

16:55:31.0645 3632        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

16:55:31.0879 3632        \Device\Harddisk0\DR0 - ok

16:55:31.0894 3632        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

16:55:31.0894 3632        \Device\Harddisk1\DR1 - ok

16:55:31.0910 3632        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

16:55:31.0926 3632        \Device\Harddisk2\DR2 - ok

16:55:31.0926 3632        Boot (0x1200)   (c13ed3b4511fc10a77701f764ac8a026) \Device\Harddisk0\DR0\Partition0

16:55:31.0926 3632        \Device\Harddisk0\DR0\Partition0 - ok

16:55:31.0926 3632        Boot (0x1200)   (9f992983f44b7ca6d4517e889a5c4ea0) \Device\Harddisk0\DR0\Partition1

16:55:31.0926 3632        \Device\Harddisk0\DR0\Partition1 - ok

16:55:31.0926 3632        Boot (0x1200)   (05a1eae14d318a9e7d04794c619e2a85) \Device\Harddisk1\DR1\Partition0

16:55:31.0926 3632        \Device\Harddisk1\DR1\Partition0 - ok

16:55:31.0941 3632        Boot (0x1200)   (6b1f90927ebc05fa4cae6e31425f729e) \Device\Harddisk2\DR2\Partition0

16:55:31.0941 3632        \Device\Harddisk2\DR2\Partition0 - ok

16:55:31.0941 3632        Boot (0x1200)   (4bfbfd69fa607019c75dfced8f7dc624) \Device\Harddisk2\DR2\Partition1

16:55:31.0941 3632        \Device\Harddisk2\DR2\Partition1 - ok

16:55:31.0941 3632        ============================================================

16:55:31.0941 3632        Scan finished

16:55:31.0941 3632        ============================================================

16:55:31.0941 3928        Detected object count: 0

16:55:31.0941 3928        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Okay gemacht.. Wenn ich das richtig gesehen habe, hat es mein XPAntispy gelöscht, sonst nichts? Und warum? Infiziert, oder weil es ins System eingreift?

Code:

ComboFix 12-03-10.02 - Ragey 10.03.2012  16:50:00.1.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.3042 [GMT 1:00]

ausgeführt von:: c:\users\Ragey\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\xp-AntiSpy

c:\program files (x86)\xp-AntiSpy\Uninstall.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url

c:\users\Ragey\AppData\Local\Temp\stt44EB.tmp

E:\Autorun.inf

F:\Autorun.inf

M:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-10 bis 2012-03-10  ))))))))))))))))))))))))))))))

.

.

2012-03-09 06:28 . 2012-03-09 06:28        --------        d-----w-        C:\_OTL

2012-03-08 12:12 . 2012-03-08 12:12        --------        d-----w-        c:\program files (x86)\ESET

2012-03-06 18:09 . 2012-03-06 18:09        --------        d-----w-        c:\users\Ragey\AppData\Roaming\Malwarebytes

2012-03-06 18:09 . 2012-03-06 18:09        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-06 18:09 . 2012-03-06 18:09        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-06 18:09 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\program files\CCleaner

2012-03-05 10:37 . 2012-03-05 10:37        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-03-05 10:37 . 2012-03-05 10:37        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-03-05 10:37 . 2012-03-05 10:37        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-03-05 10:37 . 2012-03-05 10:37        45016        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-03-05 10:37 . 2012-03-05 10:37        2106216        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-03-05 10:37 . 2012-03-05 10:37        1998168        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-03-04 20:34 . 2012-03-04 20:34        --------        d-----w-        c:\users\Ragey\AppData\Roaming\TeamViewer

2012-03-03 10:18 . 2012-03-03 10:18        --------        d-----w-        c:\users\Ragey\AppData\Roaming\BigHugeEngine

2012-02-23 09:21 . 2012-02-23 09:21        --------        d-----w-        c:\windows\SysWow64\wbem\en-US

2012-02-23 09:21 . 2012-02-23 09:21        --------        d-----w-        c:\windows\system32\wbem\en-US

2012-02-18 14:59 . 2012-02-18 15:14        --------        d-----w-        C:\BDS

2012-02-18 14:59 . 2012-02-18 14:59        331908        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-02-18 14:59 . 2012-02-18 14:59        200836        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-02-18 14:59 . 2005-11-13 22:22        757760        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-02-18 14:59 . 2005-11-13 22:22        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-02-18 14:59 . 2005-11-13 22:21        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-02-18 14:59 . 2005-11-13 22:20        204800        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-02-18 14:59 . 2005-11-13 22:19        65024        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-02-18 14:59 . 2005-11-13 22:19        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-02-14 21:40 . 2012-01-14 04:02        3143168        ----a-w-        c:\windows\system32\win32k.sys

2012-02-14 21:40 . 2011-12-28 03:59        499200        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-02-14 21:39 . 2011-12-16 08:42        634368        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-14 21:39 . 2011-12-16 07:59        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"7 Taskbar Tweaker"="c:\program files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe" [2011-02-18 181248]

"DeskSave"="c:\program files (x86)\Desksave\DeskSave.exe" [2008-07-26 82944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2011-02-27 36864]

"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-03-06 25600]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 cpuz130;cpuz130;c:\users\Ragey\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-27 79360]

R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-02-27 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper        REG_MULTI_SZ           nosGetPlusHelper

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        97792        ----a-w-        c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = 

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\

FF - prefs.js: browser.startup.homepage - about:blank

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\CTXFISPI.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-10  16:56:35 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-10 15:56

.

Vor Suchlauf: 12 Verzeichnis(se), 18.328.936.448 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 17.835.020.288 Bytes frei

.

- - End Of File - - BB1368CB119D30595000C9CC36B0BB48

Warum CF AntiSpy gelöscht hat weiß ich nicht. Ein Verlust ist das aber nicht, denn AntiSpy ist ziemlicher Quatsch. Man kann sich damit einiges an abusrden Einstellungen herbeiführen.

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Okay, hier das log:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-03-12 14:54:46

-----------------------------

14:54:46.058    OS Version: Windows x64 6.1.7600 

14:54:46.058    Number of processors: 4 586 0xF0B

14:54:46.058    ComputerName: BANANANA  UserName: Ragey

14:54:46.183    Initialize success

14:55:37.613    AVAST engine defs: 12031200

14:55:51.934    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4

14:55:51.934    Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3

14:55:51.934    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

14:55:51.950    Disk 1 Vendor: OCZ-VERTEX2 1.27 Size: 57241MB BusType: 3

14:55:51.950    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5

14:55:51.950    Disk 2 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3

14:55:51.950    Disk 1 MBR read successfully

14:55:51.950    Disk 1 MBR scan

14:55:51.965    Disk 1 Windows 7 default MBR code

14:55:51.965    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57139 MB offset 206848

14:55:51.965    Disk 1 scanning C:\Windows\system32\drivers

14:55:55.429    Service scanning

14:56:03.556    Modules scanning

14:56:03.556    Disk 1 trace - called modules:

14:56:03.556    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 

14:56:03.572    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80044c3060]

14:56:03.572    3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa8003ece520]

14:56:03.572    5 ACPI.sys[fffff88000f10781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ecf680]

14:56:03.806    AVAST engine scan C:\Windows

14:56:04.461    AVAST engine scan C:\Windows\system32

14:57:20.761    AVAST engine scan C:\Windows\system32\drivers

14:57:24.676    AVAST engine scan C:\Users\Ragey

14:57:36.657    AVAST engine scan C:\ProgramData

14:57:43.178    Scan finished successfully

14:58:21.539    Disk 1 MBR has been saved successfully to "C:\Users\Ragey\Desktop\MBR.dat"

14:58:21.539    The log file has been saved successfully to "C:\Users\Ragey\Desktop\aswMBR.txt"

Live-System PartedMagic / GParted

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken
5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)

Hm, er bootet nicht fertig mit PartedMagic. Letzter Eintrag ist: PnPBios: Disabled by ACPI PNP

EDIT: Bzw beim zweiten Versuch mit ACPI: ACPI bus type pnp unregistered

Kannst du mit Failsafe Settings booten?

Also via Failsafe -> A. Failsafe Settings? Nein, geht auch nicht. Da bleibts irgendwo bei PCI Bridge to bus [bus 02-02] hängen :/

EDIT: An der CD liegt's mal nicht, mit dem Laptop kann ich einwandfrei davon booten.

Ich meine mich aber zu erinnern, dass der Rechner vor eiiiniger Zeit schonmal Probleme hatte, von einer Live-CD zu booten. Damals war die Systemplatte abgeraucht, da hatte ich es glaube ich mit Knoppix versucht.