Trojaner-Board - Windows blockiert // OTL Files am Start

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Windows blockiert // OTL Files am Start (https://www.trojaner-board.de/112599-windows-blockiert-otl-files-start.html)

Windows blockiert // OTL Files am Start

Moin,

wie der Titel schon sagt, habe ich ebenfalls diesen beliebten Schädling.
Habe ihn nun zum zweiten mal innerhalb von 3 Monaten, deswegen habe ich den Verdacht, dass ich ihn beim letzten Mal nicht richtig entfernt habe.

Bin direkt nach seinem Erscheinen in den abgesicherten Modus und habe Malwarebytes Antimalware laufen lassen. Das hat auch 3 infizierteObjekte gefunden und gelöscht, s.d. ich mittlerweile wieder in mein Benutzerkonto komme ( Mein Pc wird also nicht mehr blockiert). Trotzdem habe ich auch mal OTL laufen lassen, mit den Einstellungen, die ihr hier immer als erstes empfehlt.

Ich antworte mal mit den OTL Files.

OTL Logfile:

Code:

OTL logfile created on: 29.03.2012 18:21:00 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Dennis\Downloads

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,42% Memory free

8,12 Gb Paging File | 7,29 Gb Available in Paging File | 89,82% Paging File free

Paging file location(s): [Binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 76,68 Gb Total Space | 10,61 Gb Free Space | 13,84% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.29 18:19:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe

PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)

SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)

SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)

SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)

SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011.04.20 05:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)

DRV - [2011.04.12 11:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/06/06 20:58:38] [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})

DRV - [2011.04.03 17:24:01 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2011.04.03 17:24:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2011.03.24 00:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)

DRV - [2011.03.24 00:25:14 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)

DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2010.10.27 04:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010.09.24 14:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2010.09.06 14:19:10 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)

DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)

DRV - [2008.10.30 10:21:03 | 000,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2008.05.20 15:29:43 | 000,052,032 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)

DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 60 AC F6 BC 4D CB 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{ADCB2150-C46E-4F20-9CF5-7642C5AEE6EA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 09:08:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 22:12:02 | 000,000,000 | ---D | M]

 

[2010.09.06 14:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions

[2010.10.19 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\c04gaci2.default\extensions

[2012.02.20 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

[2012.03.19 09:08:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)

O4 - HKCU..\Run: [SkypePM] C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe ()

O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A054398A-656C-4972-BB58-99CE217F7E34}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.10 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.03.10 14:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.thumbnails

[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\gegl-0.0

[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.gimp-2.6

[2012.03.10 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP

[2012.03.10 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2012.03.10 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

[2012.03.10 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\100MSDCF

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.29 18:23:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.03.29 18:22:00 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.29 18:22:00 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.29 18:22:00 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.29 18:22:00 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.29 18:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.29 18:17:12 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.29 17:24:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.29 17:24:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.14 19:01:08 | 000,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel

[2012.03.10 14:25:39 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.10 14:49:50 | 000,002,112 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel

[2012.03.10 14:25:39 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2012.02.06 02:09:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.02.06 02:09:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.02.06 02:09:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.02.06 02:09:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.02.06 02:09:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.01.15 18:41:18 | 000,000,215 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011.06.29 22:58:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2011.06.21 21:38:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.04.03 17:24:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2011.04.03 17:24:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2010.10.08 00:42:06 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg

[2010.09.22 20:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2010.09.06 14:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 
 ========== LOP Check ==========

 

[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.03.29 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ

[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech

[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape

[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2012.03.27 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV

[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client

[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft

[2012.03.05 19:01:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.02.06 02:18:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2010.09.06 14:12:57 | 000,000,000 | ---D | M] -- C:\ATI

[2012.01.15 19:01:02 | 000,000,000 | ---D | M] -- C:\Boot

[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.09.06 14:09:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.03.10 14:25:31 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.01.08 22:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData

[2010.09.06 14:09:44 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.02.06 02:18:31 | 000,000,000 | ---D | M] -- C:\Qoobox

[2010.09.06 14:09:44 | 000,000,000 | ---D | M] -- C:\Recovery

[2012.03.27 08:52:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.09.06 14:09:52 | 000,000,000 | R--D | M] -- C:\Users

[2012.02.06 02:17:22 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 
 < MD5 for: IASTORV.SYS  >

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %USERPROFILE%\*.* >

[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel

[2012.03.29 18:35:36 | 004,194,304 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT

[2012.03.29 18:35:36 | 000,262,144 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG1

[2010.09.06 14:09:55 | 000,000,000 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG2

[2010.09.06 15:01:11 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010.09.06 15:01:11 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010.09.06 15:01:11 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010.09.06 14:09:55 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 29.03.2012 18:21:00 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Dennis\Downloads

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,42% Memory free

8,12 Gb Paging File | 7,29 Gb Available in Paging File | 89,82% Paging File free

Paging file location(s): [Binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 76,68 Gb Total Space | 10,61 Gb Free Space | 13,84% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{258236B1-6DFE-7363-E4C3-CDC6FCC03BF6}" = Catalyst Control Center InstallProxy

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30

"{3595DD89-873E-6911-4AF0-47542B5C8073}" = ATI Catalyst Install Manager

"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404

"{3DB05083-3621-D206-CB9B-68E8CDB139AD}" = CCC Help English

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C36BD6F-3C93-3ED7-A4EA-2D1D9A6E215B}" = Catalyst Control Center Graphics Previews Common

"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0

"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C457CDB-18B2-E0AA-F2DD-5A69AE2C0505}" = ccc-utility

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AABB8DC0-EAD9-AB1A-481D-0780B0277FF7}" = AMD Drag and Drop Transcoding

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch

"{AC84BA9D-B8B1-5723-ABE0-6BD8EA698A3F}" = WMV9/VC-1 Video Playback

"{ADA6637C-88B5-D2D6-E017-8F7C000CAC3E}" = ccc-core-static

"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes

"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6

"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11

"{F90F9BCF-5138-4398-9F51-31DB55E940A4}" = UGS NX 7.5 Documentation

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 

"DivX Setup.divx.com" = DivX-Setup

"EADM" = EA Download Manager

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"GOM Player" = GOM Player

"GomTVStreamer" = GOMTV Streamer

"GPL Ghostscript" = GPL Ghostscript

"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"PDF Blender" = PDF Blender

"RayV" = DTVblizzcon

"sp6" = Logitech SetPoint 6.32

"StarCraft II" = StarCraft II

"Steam App 400" = Portal

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Veetle TV" = Veetle TV 0.9.18

"VLC media player" = VLC media player 1.1.11

"WinGimp-2.0_is1" = GIMP 2.6.11

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"Octoshape Streaming Services" = Octoshape Streaming Services

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 14.11.2011 17:16:23 | Computer Name = Dennis-PC | Source = Wudf01000 | ID = 921877

Description = 

 

Error - 14.11.2011 17:16:35 | Computer Name = Dennis-PC | Source = NtServicePack | ID = 921877

Description = 

 

Error - 14.11.2011 17:30:29 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 14.11.2011 17:43:02 | Computer Name = Dennis-PC | Source = MsiInstaller | ID = 10005

Description = 

 

Error - 14.11.2011 17:44:09 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 21.11.2011 17:47:09 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8fc    Startzeit: 

01cca88ba46406b1    Endzeit: 25    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 5a029c06-148a-11e1-951a-001e8ca813b0  

 

Error - 15.01.2012 13:01:19 | Computer Name = Dennis-PC | Source = ESENT | ID = 215

Description = WinMail (3532) WindowsMail0: Die Sicherung wurde abgebrochen, weil

 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen

 wurde.

 

Error - 29.01.2012 17:01:44 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002

Description = Programm SC2.exe, Version 1.4.2.20141 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: eb4    Startzeit: 

01ccdec53e8bd6ad    Endzeit: 58    Anwendungspfad: C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe
 

Berichts-ID:

 6ff742d0-4abc-11e1-ba5f-001e8ca813b0  

 

Error - 05.02.2012 19:58:42 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193

Description = 

 

Error - 23.03.2012 13:09:48 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,

 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: xul.dll, Version: 11.0.0.4454,

 Zeitstempel: 0x4f5ecb27  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009f9e49  ID des fehlerhaften

 Prozesses: 0x1194  Startzeit der fehlerhaften Anwendung: 0x01cd0917bf4bb958  Pfad der

 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad

 des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung:

 fe454b22-750a-11e1-9841-001e8ca813b0

 

[ Cisco AnyConnect Secure Mobility Client Events ]

Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866

Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h

Line:

 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)

Description:

 PLUGINLOADER_ERROR_COULD_NOT_CREATE 

 

Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866

Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h

Line:

 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)

Description:

 PLUGINLOADER_ERROR_COULD_NOT_CREATE 

 

Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866

Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4156

Invoked

 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine

 Daten mehr verfügbar.   

 

Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108865

Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:

 1020 NULL object. Cannot establish a connection at this time.

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp

Line:

 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:

 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp

Line:

 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:

 unknown 

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp

Line:

 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)

Description:

 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:

 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 

(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp

Line:

 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene

 Verbindung wurde vom Remotehost geschlossen.   

 

Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866

Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp

Line:

 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805

 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 

 

[ System Events ]

Error - 29.03.2012 12:24:33 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

 

< End of report >

--- --- ---

hoch damit!

Ohne die Logs von Malwarebytes und Co wird das hier nichts. :glaskugel:
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.29.06
 

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.7601.17514

Dennis :: DENNIS-PC [Administrator]
 

29.03.2012 18:24:21

mbam-log-2012-03-29 (18-24-21).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 198331

Laufzeit: 3 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Dennis\AppData\Local\Temp\cgs8h0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Zwei Fragen:

1.) Funktioniert der normale Modus wieder?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Wie gesagt, der normale funktioniert wieder. Im Startmenü vermisse ich nichts, da sind auch keine leeren Ordner.

Gut, ich muss mich nur vorher vergewissern ;)
Mach bitte im normalen Modus ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 31.03.2012 08:55:06 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Dennis\Downloads

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 75,20% Memory free

8,12 Gb Paging File | 7,18 Gb Available in Paging File | 88,46% Paging File free

Paging file location(s): [Binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 76,68 Gb Total Space | 11,25 Gb Free Space | 14,67% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.29 18:19:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe

PRC - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe

PRC - [2011.10.19 17:39:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe

PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe

PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2011.03.24 00:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.10.27 04:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.03.21 20:00:26 | 020,297,512 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll

MOD - [2012.03.21 20:00:24 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll

MOD - [2012.03.21 20:00:24 | 000,907,048 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll

MOD - [2012.03.21 20:00:24 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll

MOD - [2012.03.21 20:00:24 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll

MOD - [2012.02.19 11:05:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012.02.19 11:05:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.19 11:05:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.19 11:05:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.19 11:04:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.19 11:04:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.19 11:04:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.01.16 11:04:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll

MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.10.26 23:45:26 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011.04.03 17:24:01 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2011.04.03 17:24:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2011.03.24 00:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)

DRV - [2011.03.24 00:25:14 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)

DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2010.10.27 04:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010.09.24 14:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 60 AC F6 BC 4D CB 01  [binary data]

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes\{ADCB2150-C46E-4F20-9CF5-7642C5AEE6EA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.29 19:19:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.29 19:19:54 | 000,000,000 | ---D | M]

 

[2010.09.06 14:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions

[2010.10.19 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\c04gaci2.default\extensions

[2012.02.20 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

[2012.03.19 09:08:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000..\Run: [Octoshape Streaming Services] C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A054398A-656C-4972-BB58-99CE217F7E34}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.29 19:20:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2012.03.29 19:19:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.03.29 19:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012.03.10 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.03.10 14:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.thumbnails

[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\gegl-0.0

[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.gimp-2.6

[2012.03.10 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP

[2012.03.10 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2012.03.10 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

[2012.03.10 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\100MSDCF

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.31 08:33:06 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.31 08:33:06 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.31 08:31:49 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.31 08:31:49 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.31 08:31:49 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.31 08:31:49 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.31 08:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.31 08:25:45 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.29 19:10:49 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.03.14 19:01:08 | 000,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel

[2012.03.10 14:25:39 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.29 19:10:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.03.29 19:10:49 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.03.10 14:49:50 | 000,002,112 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel

[2012.03.10 14:25:39 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2012.02.06 02:09:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.02.06 02:09:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.02.06 02:09:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.02.06 02:09:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.02.06 02:09:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.01.15 18:41:18 | 000,000,215 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011.06.29 22:58:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2011.06.21 21:38:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.04.03 17:24:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2011.04.03 17:24:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2010.10.08 00:42:06 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg

[2010.09.22 20:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2010.09.06 14:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 
 ========== LOP Check ==========

 

[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.03.29 19:08:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ

[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech

[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape

[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2012.03.29 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV

[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client

[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft

[2012.03.05 19:01:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.09.09 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe

[2010.09.28 13:43:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer

[2010.09.06 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI

[2011.06.06 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink

[2010.11.04 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GRETECH

[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.03.29 19:08:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ

[2010.09.06 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities

[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech

[2012.01.08 22:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Logishrd

[2012.01.08 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Logitech

[2010.09.06 15:06:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia

[2011.10.01 00:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs

[2012.01.08 22:43:38 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft

[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla

[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape

[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2012.03.29 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV

[2011.11.09 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Real

[2011.11.14 23:22:14 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM

[2011.09.17 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sun

[2010.09.06 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\teamspeak2

[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client

[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft

[2011.11.09 12:03:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc

[2010.09.09 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe

[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\GRETECH\GomTVStreamer\GrLauncher.exe

[2011.07.12 21:57:56 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.09.26 19:26:43 | 000,348,160 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

[2012.01.08 22:43:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Übrigens bin ich ab heute abend bis Ostern in Urlaub, kann also nicht an meinen PC.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So bin wieder da. Habe gemacht, was du gesagt hast:

Code:

All processes killed

========== OTL ==========

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Dennis

->Temp folder emptied: 27812250 bytes

->Temporary Internet Files folder emptied: 26162236 bytes

->Java cache emptied: 1214806 bytes

->FireFox cache emptied: 356470637 bytes

->Flash cache emptied: 4237754 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 108696 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 397,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Dennis

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04092012_202431
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

20:44:34.0427 0572        TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37

20:44:34.0551 0572        ============================================================

20:44:34.0551 0572        Current date / time: 2012/04/09 20:44:34.0551

20:44:34.0551 0572        SystemInfo:

20:44:34.0551 0572        

20:44:34.0551 0572        OS Version: 6.1.7601 ServicePack: 1.0

20:44:34.0551 0572        Product type: Workstation

20:44:34.0551 0572        ComputerName: DENNIS-PC

20:44:34.0551 0572        UserName: Dennis

20:44:34.0551 0572        Windows directory: C:\Windows

20:44:34.0551 0572        System windows directory: C:\Windows

20:44:34.0552 0572        Processor architecture: Intel x86

20:44:34.0552 0572        Number of processors: 2

20:44:34.0552 0572        Page size: 0x1000

20:44:34.0552 0572        Boot type: Normal boot

20:44:34.0552 0572        ============================================================

20:44:35.0535 0572        Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:44:35.0536 0572        \Device\Harddisk0\DR0:

20:44:35.0537 0572        MBR used

20:44:35.0537 0572        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B

20:44:35.0568 0572        Initialize success

20:44:35.0568 0572        ============================================================

20:44:57.0085 2668        ============================================================

20:44:57.0085 2668        Scan started

20:44:57.0085 2668        Mode: Manual; SigCheck; TDLFS; 

20:44:57.0085 2668        ============================================================

20:44:57.0513 2668        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

20:44:57.0601 2668        1394ohci - ok

20:44:57.0658 2668        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

20:44:57.0673 2668        ACPI - ok

20:44:57.0763 2668        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

20:44:57.0813 2668        AcpiPmi - ok

20:44:57.0879 2668        acsock          (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys

20:44:58.0226 2668        acsock - ok

20:44:58.0326 2668        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

20:44:58.0346 2668        adp94xx - ok

20:44:58.0408 2668        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

20:44:58.0424 2668        adpahci - ok

20:44:58.0459 2668        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

20:44:58.0472 2668        adpu320 - ok

20:44:58.0522 2668        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

20:44:58.0560 2668        AeLookupSvc - ok

20:44:58.0652 2668        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

20:44:58.0699 2668        AFD - ok

20:44:58.0746 2668        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

20:44:58.0756 2668        agp440 - ok

20:44:58.0822 2668        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

20:44:58.0833 2668        aic78xx - ok

20:44:58.0878 2668        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

20:44:58.0911 2668        ALG - ok

20:44:58.0968 2668        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

20:44:58.0978 2668        aliide - ok

20:44:59.0048 2668        AMD External Events Utility (9ca186a6b4b2936246f5a13dcf6138a0) C:\Windows\system32\atiesrxx.exe

20:44:59.0092 2668        AMD External Events Utility - ok

20:44:59.0121 2668        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

20:44:59.0132 2668        amdagp - ok

20:44:59.0181 2668        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

20:44:59.0191 2668        amdide - ok

20:44:59.0249 2668        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

20:44:59.0294 2668        AmdK8 - ok

20:44:59.0496 2668        amdkmdag        (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys

20:44:59.0694 2668        amdkmdag - ok

20:44:59.0799 2668        amdkmdap        (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys

20:44:59.0828 2668        amdkmdap - ok

20:44:59.0870 2668        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

20:44:59.0909 2668        AmdPPM - ok

20:44:59.0990 2668        amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

20:45:00.0002 2668        amdsata - ok

20:45:00.0019 2668        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

20:45:00.0031 2668        amdsbs - ok

20:45:00.0048 2668        amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

20:45:00.0056 2668        amdxata - ok

20:45:00.0104 2668        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

20:45:00.0185 2668        AppID - ok

20:45:00.0267 2668        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

20:45:00.0300 2668        AppIDSvc - ok

20:45:00.0335 2668        Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

20:45:00.0365 2668        Appinfo - ok

20:45:00.0441 2668        Apple Mobile Device (367592efca7ff8b4ce11ab6b0744e1e2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

20:45:00.0450 2668        Apple Mobile Device - ok

20:45:00.0506 2668        Application Updater (df7f37f2a23bd1b3a6721b328355dc91) C:\Program Files\Application Updater\ApplicationUpdater.exe

20:45:00.0523 2668        Application Updater - ok

20:45:00.0607 2668        AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

20:45:00.0638 2668        AppMgmt - ok

20:45:00.0702 2668        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

20:45:00.0713 2668        arc - ok

20:45:00.0730 2668        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

20:45:00.0741 2668        arcsas - ok

20:45:00.0790 2668        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

20:45:00.0886 2668        AsyncMac - ok

20:45:00.0973 2668        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

20:45:00.0983 2668        atapi - ok

20:45:01.0021 2668        AtcL001         (3d8880a2cf21dcc057c8d9a194c41f10) C:\Windows\system32\DRIVERS\l160x86.sys

20:45:01.0049 2668        AtcL001 - ok

20:45:01.0178 2668        AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys

20:45:01.0186 2668        AtiHDAudioService - ok

20:45:01.0380 2668        atikmdag        (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys

20:45:01.0457 2668        atikmdag - ok

20:45:01.0595 2668        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

20:45:01.0605 2668        atksgt - ok

20:45:01.0658 2668        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

20:45:01.0694 2668        AudioEndpointBuilder - ok

20:45:01.0701 2668        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

20:45:01.0725 2668        Audiosrv - ok

20:45:01.0807 2668        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

20:45:01.0856 2668        AxInstSV - ok

20:45:01.0914 2668        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

20:45:01.0950 2668        b06bdrv - ok

20:45:02.0039 2668        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

20:45:02.0052 2668        b57nd60x - ok

20:45:02.0091 2668        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

20:45:02.0143 2668        BDESVC - ok

20:45:02.0226 2668        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

20:45:02.0259 2668        Beep - ok

20:45:02.0328 2668        BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

20:45:02.0368 2668        BFE - ok

20:45:02.0448 2668        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll

20:45:02.0495 2668        BITS - ok

20:45:02.0536 2668        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

20:45:02.0559 2668        blbdrive - ok

20:45:02.0654 2668        Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe

20:45:02.0661 2668        Bonjour Service - ok

20:45:02.0758 2668        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

20:45:02.0789 2668        bowser - ok

20:45:02.0815 2668        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:45:02.0860 2668        BrFiltLo - ok

20:45:02.0921 2668        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:45:02.0944 2668        BrFiltUp - ok

20:45:02.0987 2668        BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

20:45:03.0026 2668        BridgeMP - ok

20:45:03.0131 2668        Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

20:45:03.0189 2668        Browser - ok

20:45:03.0246 2668        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

20:45:03.0301 2668        Brserid - ok

20:45:03.0348 2668        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

20:45:03.0376 2668        BrSerWdm - ok

20:45:03.0464 2668        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:45:03.0517 2668        BrUsbMdm - ok

20:45:03.0692 2668        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

20:45:03.0730 2668        BrUsbSer - ok

20:45:03.0797 2668        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

20:45:03.0818 2668        BTHMODEM - ok

20:45:03.0858 2668        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

20:45:03.0893 2668        bthserv - ok

20:45:03.0970 2668        catchme - ok

20:45:04.0044 2668        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

20:45:04.0078 2668        cdfs - ok

20:45:04.0146 2668        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

20:45:04.0168 2668        cdrom - ok

20:45:04.0242 2668        CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

20:45:04.0284 2668        CertPropSvc - ok

20:45:04.0347 2668        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

20:45:04.0372 2668        circlass - ok

20:45:04.0430 2668        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

20:45:04.0445 2668        CLFS - ok

20:45:04.0498 2668        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:45:04.0507 2668        clr_optimization_v2.0.50727_32 - ok

20:45:04.0579 2668        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

20:45:04.0591 2668        CmBatt - ok

20:45:04.0622 2668        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

20:45:04.0632 2668        cmdide - ok

20:45:04.0692 2668        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

20:45:04.0715 2668        CNG - ok

20:45:04.0784 2668        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

20:45:04.0792 2668        Compbatt - ok

20:45:04.0836 2668        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

20:45:04.0865 2668        CompositeBus - ok

20:45:04.0892 2668        COMSysApp - ok

20:45:04.0912 2668        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

20:45:04.0920 2668        crcdisk - ok

20:45:04.0998 2668        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

20:45:05.0035 2668        CryptSvc - ok

20:45:05.0092 2668        CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

20:45:05.0122 2668        CSC - ok

20:45:05.0182 2668        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

20:45:05.0221 2668        CscService - ok

20:45:05.0277 2668        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

20:45:05.0308 2668        DcomLaunch - ok

20:45:05.0351 2668        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

20:45:05.0386 2668        defragsvc - ok

20:45:05.0481 2668        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

20:45:05.0524 2668        DfsC - ok

20:45:05.0603 2668        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

20:45:05.0643 2668        Dhcp - ok

20:45:05.0716 2668        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

20:45:05.0753 2668        discache - ok

20:45:05.0789 2668        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

20:45:05.0800 2668        Disk - ok

20:45:05.0836 2668        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

20:45:05.0871 2668        Dnscache - ok

20:45:05.0933 2668        dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

20:45:05.0970 2668        dot3svc - ok

20:45:06.0025 2668        DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

20:45:06.0066 2668        DPS - ok

20:45:06.0148 2668        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

20:45:06.0171 2668        drmkaud - ok

20:45:06.0235 2668        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

20:45:06.0255 2668        DXGKrnl - ok

20:45:06.0286 2668        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

20:45:06.0332 2668        EapHost - ok

20:45:06.0464 2668        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

20:45:06.0528 2668        ebdrv - ok

20:45:06.0597 2668        EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

20:45:06.0627 2668        EFS - ok

20:45:06.0684 2668        ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

20:45:06.0728 2668        ehRecvr - ok

20:45:06.0770 2668        ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

20:45:06.0800 2668        ehSched - ok

20:45:06.0891 2668        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

20:45:06.0910 2668        elxstor - ok

20:45:06.0959 2668        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

20:45:06.0987 2668        ErrDev - ok

20:45:07.0049 2668        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

20:45:07.0093 2668        EventSystem - ok

20:45:07.0158 2668        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

20:45:07.0190 2668        exfat - ok

20:45:07.0220 2668        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

20:45:07.0248 2668        fastfat - ok

20:45:07.0317 2668        Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

20:45:07.0350 2668        Fax - ok

20:45:07.0397 2668        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

20:45:07.0412 2668        fdc - ok

20:45:07.0457 2668        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

20:45:07.0494 2668        fdPHost - ok

20:45:07.0513 2668        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

20:45:07.0546 2668        FDResPub - ok

20:45:07.0599 2668        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

20:45:07.0610 2668        FileInfo - ok

20:45:07.0646 2668        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

20:45:07.0688 2668        Filetrace - ok

20:45:07.0712 2668        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

20:45:07.0733 2668        flpydisk - ok

20:45:07.0781 2668        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

20:45:07.0794 2668        FltMgr - ok

20:45:07.0865 2668        FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll

20:45:07.0908 2668        FontCache - ok

20:45:07.0962 2668        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

20:45:07.0970 2668        FontCache3.0.0.0 - ok

20:45:08.0044 2668        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

20:45:08.0054 2668        FsDepends - ok

20:45:08.0070 2668        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

20:45:08.0080 2668        Fs_Rec - ok

20:45:08.0132 2668        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

20:45:08.0148 2668        fvevol - ok

20:45:08.0242 2668        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:45:08.0254 2668        gagp30kx - ok

20:45:08.0300 2668        GEARAspiWDM     (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:45:08.0307 2668        GEARAspiWDM - ok

20:45:08.0357 2668        gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

20:45:08.0400 2668        gpsvc - ok

20:45:08.0478 2668        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

20:45:08.0512 2668        hcw85cir - ok

20:45:08.0571 2668        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

20:45:08.0603 2668        HdAudAddService - ok

20:45:08.0712 2668        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

20:45:08.0741 2668        HDAudBus - ok

20:45:08.0776 2668        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

20:45:08.0798 2668        HidBatt - ok

20:45:08.0820 2668        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

20:45:08.0851 2668        HidBth - ok

20:45:08.0916 2668        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

20:45:08.0930 2668        HidIr - ok

20:45:08.0954 2668        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

20:45:08.0991 2668        hidserv - ok

20:45:09.0051 2668        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

20:45:09.0063 2668        HidUsb - ok

20:45:09.0137 2668        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

20:45:09.0170 2668        hkmsvc - ok

20:45:09.0207 2668        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

20:45:09.0234 2668        HomeGroupListener - ok

20:45:09.0268 2668        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

20:45:09.0302 2668        HomeGroupProvider - ok

20:45:09.0398 2668        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

20:45:09.0409 2668        HpSAMD - ok

20:45:09.0470 2668        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

20:45:09.0502 2668        HTTP - ok

20:45:09.0558 2668        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

20:45:09.0567 2668        hwpolicy - ok

20:45:09.0651 2668        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

20:45:09.0676 2668        i8042prt - ok

20:45:09.0748 2668        iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

20:45:09.0764 2668        iaStorV - ok

20:45:09.0834 2668        idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:45:09.0859 2668        idsvc - ok

20:45:09.0950 2668        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

20:45:09.0961 2668        iirsp - ok

20:45:10.0027 2668        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

20:45:10.0076 2668        IKEEXT - ok

20:45:10.0148 2668        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

20:45:10.0157 2668        intelide - ok

20:45:10.0188 2668        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

20:45:10.0208 2668        intelppm - ok

20:45:10.0229 2668        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

20:45:10.0272 2668        IPBusEnum - ok

20:45:10.0348 2668        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:45:10.0389 2668        IpFilterDriver - ok

20:45:10.0458 2668        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

20:45:10.0508 2668        iphlpsvc - ok

20:45:10.0591 2668        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

20:45:10.0608 2668        IPMIDRV - ok

20:45:10.0644 2668        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

20:45:10.0681 2668        IPNAT - ok

20:45:10.0756 2668        iPod Service    (5c7538b244e439df39388da28e0a18d1) C:\Program Files\iPod\bin\iPodService.exe

20:45:10.0774 2668        iPod Service - ok

20:45:10.0868 2668        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

20:45:10.0883 2668        IRENUM - ok

20:45:10.0922 2668        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

20:45:10.0933 2668        isapnp - ok

20:45:10.0974 2668        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

20:45:10.0989 2668        iScsiPrt - ok

20:45:11.0065 2668        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

20:45:11.0075 2668        kbdclass - ok

20:45:11.0099 2668        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

20:45:11.0127 2668        kbdhid - ok

20:45:11.0155 2668        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

20:45:11.0168 2668        KeyIso - ok

20:45:11.0184 2668        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

20:45:11.0194 2668        KSecDD - ok

20:45:11.0256 2668        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

20:45:11.0268 2668        KSecPkg - ok

20:45:11.0298 2668        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

20:45:11.0331 2668        KtmRm - ok

20:45:11.0373 2668        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

20:45:11.0406 2668        LanmanServer - ok

20:45:11.0482 2668        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

20:45:11.0528 2668        LanmanWorkstation - ok

20:45:11.0665 2668        LBTServ         (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

20:45:11.0679 2668        LBTServ - ok

20:45:11.0777 2668        LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys

20:45:11.0785 2668        LHidFilt - ok

20:45:11.0848 2668        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

20:45:11.0855 2668        lirsgt - ok

20:45:11.0955 2668        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

20:45:11.0998 2668        lltdio - ok

20:45:12.0035 2668        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

20:45:12.0064 2668        lltdsvc - ok

20:45:12.0080 2668        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

20:45:12.0109 2668        lmhosts - ok

20:45:12.0196 2668        LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys

20:45:12.0204 2668        LMouFilt - ok

20:45:12.0244 2668        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:45:12.0255 2668        LSI_FC - ok

20:45:12.0269 2668        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:45:12.0280 2668        LSI_SAS - ok

20:45:12.0353 2668        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:45:12.0364 2668        LSI_SAS2 - ok

20:45:12.0382 2668        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:45:12.0393 2668        LSI_SCSI - ok

20:45:12.0414 2668        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

20:45:12.0441 2668        luafv - ok

20:45:12.0477 2668        LUsbFilt        (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\Windows\system32\Drivers\LUsbFilt.Sys

20:45:12.0484 2668        LUsbFilt - ok

20:45:12.0519 2668        Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

20:45:12.0533 2668        Mcx2Svc - ok

20:45:12.0564 2668        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

20:45:12.0574 2668        megasas - ok

20:45:12.0662 2668        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

20:45:12.0676 2668        MegaSR - ok

20:45:12.0706 2668        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

20:45:12.0745 2668        MMCSS - ok

20:45:12.0773 2668        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

20:45:12.0793 2668        Modem - ok

20:45:12.0882 2668        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

20:45:12.0907 2668        monitor - ok

20:45:12.0951 2668        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

20:45:12.0961 2668        mouclass - ok

20:45:13.0065 2668        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

20:45:13.0097 2668        mouhid - ok

20:45:13.0131 2668        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

20:45:13.0142 2668        mountmgr - ok

20:45:13.0174 2668        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

20:45:13.0186 2668        mpio - ok

20:45:13.0272 2668        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

20:45:13.0304 2668        mpsdrv - ok

20:45:13.0353 2668        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

20:45:13.0412 2668        MpsSvc - ok

20:45:13.0496 2668        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

20:45:13.0512 2668        MRxDAV - ok

20:45:13.0581 2668        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:45:13.0635 2668        mrxsmb - ok

20:45:13.0742 2668        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:45:13.0769 2668        mrxsmb10 - ok

20:45:13.0807 2668        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:45:13.0839 2668        mrxsmb20 - ok

20:45:13.0919 2668        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

20:45:13.0929 2668        msahci - ok

20:45:13.0955 2668        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

20:45:13.0967 2668        msdsm - ok

20:45:13.0990 2668        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

20:45:14.0014 2668        MSDTC - ok

20:45:14.0040 2668        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

20:45:14.0067 2668        Msfs - ok

20:45:14.0141 2668        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

20:45:14.0184 2668        mshidkmdf - ok

20:45:14.0215 2668        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

20:45:14.0222 2668        msisadrv - ok

20:45:14.0267 2668        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

20:45:14.0307 2668        MSiSCSI - ok

20:45:14.0345 2668        msiserver - ok

20:45:14.0403 2668        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

20:45:14.0441 2668        MSKSSRV - ok

20:45:14.0464 2668        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

20:45:14.0495 2668        MSPCLOCK - ok

20:45:14.0559 2668        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

20:45:14.0597 2668        MSPQM - ok

20:45:14.0622 2668        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

20:45:14.0634 2668        MsRPC - ok

20:45:14.0683 2668        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

20:45:14.0693 2668        mssmbios - ok

20:45:14.0773 2668        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

20:45:14.0799 2668        MSTEE - ok

20:45:14.0812 2668        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

20:45:14.0838 2668        MTConfig - ok

20:45:14.0853 2668        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

20:45:14.0863 2668        Mup - ok

20:45:14.0911 2668        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

20:45:14.0942 2668        napagent - ok

20:45:15.0014 2668        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

20:45:15.0033 2668        NativeWifiP - ok

20:45:15.0099 2668        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

20:45:15.0122 2668        NDIS - ok

20:45:15.0192 2668        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

20:45:15.0228 2668        NdisCap - ok

20:45:15.0262 2668        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

20:45:15.0296 2668        NdisTapi - ok

20:45:15.0374 2668        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

20:45:15.0399 2668        Ndisuio - ok

20:45:15.0432 2668        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

20:45:15.0457 2668        NdisWan - ok

20:45:15.0528 2668        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

20:45:15.0594 2668        NDProxy - ok

20:45:15.0724 2668        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

20:45:15.0763 2668        NetBIOS - ok

20:45:15.0828 2668        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

20:45:15.0872 2668        NetBT - ok

20:45:15.0938 2668        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

20:45:15.0950 2668        Netlogon - ok

20:45:16.0004 2668        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

20:45:16.0047 2668        Netman - ok

20:45:16.0090 2668        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

20:45:16.0137 2668        netprofm - ok

20:45:16.0215 2668        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:45:16.0225 2668        NetTcpPortSharing - ok

20:45:16.0334 2668        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

20:45:16.0344 2668        nfrd960 - ok

20:45:16.0384 2668        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

20:45:16.0427 2668        NlaSvc - ok

20:45:16.0446 2668        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

20:45:16.0475 2668        Npfs - ok

20:45:16.0518 2668        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

20:45:16.0540 2668        nsi - ok

20:45:16.0587 2668        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

20:45:16.0618 2668        nsiproxy - ok

20:45:16.0675 2668        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

20:45:16.0702 2668        Ntfs - ok

20:45:16.0778 2668        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

20:45:16.0803 2668        Null - ok

20:45:16.0847 2668        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

20:45:16.0857 2668        nvraid - ok

20:45:16.0890 2668        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

20:45:16.0903 2668        nvstor - ok

20:45:16.0977 2668        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

20:45:16.0989 2668        nv_agp - ok

20:45:17.0003 2668        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

20:45:17.0025 2668        ohci1394 - ok

20:45:17.0048 2668        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

20:45:17.0093 2668        p2pimsvc - ok

20:45:17.0137 2668        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

20:45:17.0155 2668        p2psvc - ok

20:45:17.0201 2668        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

20:45:17.0229 2668        Parport - ok

20:45:17.0266 2668        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

20:45:17.0276 2668        partmgr - ok

20:45:17.0320 2668        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

20:45:17.0343 2668        Parvdm - ok

20:45:17.0371 2668        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

20:45:17.0390 2668        PcaSvc - ok

20:45:17.0431 2668        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

20:45:17.0443 2668        pci - ok

20:45:17.0487 2668        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

20:45:17.0497 2668        pciide - ok

20:45:17.0531 2668        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

20:45:17.0544 2668        pcmcia - ok

20:45:17.0562 2668        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

20:45:17.0572 2668        pcw - ok

20:45:17.0616 2668        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

20:45:17.0649 2668        PEAUTH - ok

20:45:17.0717 2668        PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

20:45:17.0760 2668        PeerDistSvc - ok

20:45:17.0838 2668        pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

20:45:17.0887 2668        pla - ok

20:45:17.0968 2668        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

20:45:17.0996 2668        PlugPlay - ok

20:45:18.0031 2668        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

20:45:18.0051 2668        PNRPAutoReg - ok

20:45:18.0098 2668        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

20:45:18.0114 2668        PNRPsvc - ok

20:45:18.0155 2668        PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

20:45:18.0186 2668        PolicyAgent - ok

20:45:18.0215 2668        Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

20:45:18.0242 2668        Power - ok

20:45:18.0319 2668        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

20:45:18.0352 2668        PptpMiniport - ok

20:45:18.0376 2668        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

20:45:18.0398 2668        Processor - ok

20:45:18.0455 2668        ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

20:45:18.0484 2668        ProfSvc - ok

20:45:18.0546 2668        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

20:45:18.0558 2668        ProtectedStorage - ok

20:45:18.0614 2668        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

20:45:18.0652 2668        Psched - ok

20:45:18.0704 2668        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

20:45:18.0734 2668        ql2300 - ok

20:45:18.0807 2668        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

20:45:18.0818 2668        ql40xx - ok

20:45:18.0861 2668        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

20:45:18.0892 2668        QWAVE - ok

20:45:18.0955 2668        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

20:45:18.0970 2668        QWAVEdrv - ok

20:45:18.0990 2668        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

20:45:19.0017 2668        RasAcd - ok

20:45:19.0053 2668        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:45:19.0094 2668        RasAgileVpn - ok

20:45:19.0157 2668        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

20:45:19.0186 2668        RasAuto - ok

20:45:19.0236 2668        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:45:19.0277 2668        Rasl2tp - ok

20:45:19.0365 2668        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

20:45:19.0404 2668        RasMan - ok

20:45:19.0460 2668        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

20:45:19.0498 2668        RasPppoe - ok

20:45:19.0548 2668        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

20:45:19.0581 2668        RasSstp - ok

20:45:19.0616 2668        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

20:45:19.0650 2668        rdbss - ok

20:45:19.0689 2668        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

20:45:19.0711 2668        rdpbus - ok

20:45:19.0767 2668        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:45:19.0807 2668        RDPCDD - ok

20:45:19.0846 2668        RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

20:45:19.0873 2668        RDPDR - ok

20:45:19.0967 2668        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

20:45:19.0998 2668        RDPENCDD - ok

20:45:20.0014 2668        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

20:45:20.0033 2668        RDPREFMP - ok

20:45:20.0072 2668        RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

20:45:20.0099 2668        RDPWD - ok

20:45:20.0206 2668        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

20:45:20.0218 2668        rdyboost - ok

20:45:20.0236 2668        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

20:45:20.0276 2668        RemoteAccess - ok

20:45:20.0308 2668        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

20:45:20.0338 2668        RemoteRegistry - ok

20:45:20.0384 2668        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

20:45:20.0413 2668        RpcEptMapper - ok

20:45:20.0439 2668        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

20:45:20.0464 2668        RpcLocator - ok

20:45:20.0501 2668        RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

20:45:20.0528 2668        RpcSs - ok

20:45:20.0605 2668        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

20:45:20.0633 2668        rspndr - ok

20:45:20.0676 2668        s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

20:45:20.0705 2668        s3cap - ok

20:45:20.0770 2668        SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

20:45:20.0783 2668        SamSs - ok

20:45:20.0821 2668        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

20:45:20.0833 2668        sbp2port - ok

20:45:20.0869 2668        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

20:45:20.0907 2668        SCardSvr - ok

20:45:20.0971 2668        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

20:45:21.0001 2668        scfilter - ok

20:45:21.0053 2668        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

20:45:21.0090 2668        Schedule - ok

20:45:21.0157 2668        SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

20:45:21.0181 2668        SCPolicySvc - ok

20:45:21.0204 2668        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

20:45:21.0235 2668        SDRSVC - ok

20:45:21.0287 2668        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

20:45:21.0315 2668        secdrv - ok

20:45:21.0370 2668        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

20:45:21.0401 2668        seclogon - ok

20:45:21.0417 2668        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

20:45:21.0453 2668        SENS - ok

20:45:21.0491 2668        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

20:45:21.0513 2668        SensrSvc - ok

20:45:21.0593 2668        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

20:45:21.0621 2668        Serenum - ok

20:45:21.0641 2668        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

20:45:21.0658 2668        Serial - ok

20:45:21.0763 2668        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

20:45:21.0791 2668        sermouse - ok

20:45:21.0840 2668        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

20:45:21.0886 2668        SessionEnv - ok

20:45:21.0965 2668        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

20:45:21.0990 2668        sffdisk - ok

20:45:22.0012 2668        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

20:45:22.0037 2668        sffp_mmc - ok

20:45:22.0055 2668        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

20:45:22.0069 2668        sffp_sd - ok

20:45:22.0098 2668        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

20:45:22.0124 2668        sfloppy - ok

20:45:22.0209 2668        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

20:45:22.0239 2668        SharedAccess - ok

20:45:22.0279 2668        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

20:45:22.0318 2668        ShellHWDetection - ok

20:45:22.0397 2668        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

20:45:22.0408 2668        sisagp - ok

20:45:22.0462 2668        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:45:22.0472 2668        SiSRaid2 - ok

20:45:22.0487 2668        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

20:45:22.0498 2668        SiSRaid4 - ok

20:45:22.0564 2668        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

20:45:22.0591 2668        Smb - ok

20:45:22.0638 2668        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

20:45:22.0652 2668        SNMPTRAP - ok

20:45:22.0681 2668        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

20:45:22.0689 2668        spldr - ok

20:45:22.0757 2668        Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

20:45:22.0794 2668        Spooler - ok

20:45:22.0883 2668        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

20:45:22.0945 2668        sppsvc - ok

20:45:23.0024 2668        sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

20:45:23.0060 2668        sppuinotify - ok

20:45:23.0119 2668        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

20:45:23.0143 2668        srv - ok

20:45:23.0188 2668        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

20:45:23.0212 2668        srv2 - ok

20:45:23.0261 2668        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

20:45:23.0275 2668        srvnet - ok

20:45:23.0304 2668        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

20:45:23.0352 2668        SSDPSRV - ok

20:45:23.0405 2668        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

20:45:23.0443 2668        SstpSvc - ok

20:45:23.0497 2668        Steam Client Service - ok

20:45:23.0591 2668        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

20:45:23.0602 2668        stexstor - ok

20:45:23.0642 2668        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

20:45:23.0675 2668        StiSvc - ok

20:45:23.0711 2668        storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

20:45:23.0721 2668        storflt - ok

20:45:23.0771 2668        StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

20:45:23.0796 2668        StorSvc - ok

20:45:23.0841 2668        storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

20:45:23.0851 2668        storvsc - ok

20:45:23.0871 2668        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

20:45:23.0881 2668        swenum - ok

20:45:23.0910 2668        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

20:45:23.0943 2668        swprv - ok

20:45:24.0026 2668        SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

20:45:24.0055 2668        SysMain - ok

20:45:24.0098 2668        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

20:45:24.0125 2668        TabletInputService - ok

20:45:24.0204 2668        TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

20:45:24.0228 2668        TapiSrv - ok

20:45:24.0254 2668        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

20:45:24.0283 2668        TBS - ok

20:45:24.0354 2668        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

20:45:24.0389 2668        Tcpip - ok

20:45:24.0441 2668        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

20:45:24.0465 2668        TCPIP6 - ok

20:45:24.0509 2668        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

20:45:24.0542 2668        tcpipreg - ok

20:45:24.0590 2668        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

20:45:24.0611 2668        TDPIPE - ok

20:45:24.0644 2668        TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

20:45:24.0653 2668        TDTCP - ok

20:45:24.0716 2668        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

20:45:24.0750 2668        tdx - ok

20:45:24.0792 2668        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

20:45:24.0800 2668        TermDD - ok

20:45:24.0843 2668        TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

20:45:24.0876 2668        TermService - ok

20:45:24.0927 2668        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

20:45:24.0940 2668        Themes - ok

20:45:24.0971 2668        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

20:45:24.0992 2668        THREADORDER - ok

20:45:25.0002 2668        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

20:45:25.0030 2668        TrkWks - ok

20:45:25.0076 2668        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

20:45:25.0103 2668        TrustedInstaller - ok

20:45:25.0179 2668        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:45:25.0199 2668        tssecsrv - ok

20:45:25.0245 2668        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

20:45:25.0271 2668        TsUsbFlt - ok

20:45:25.0379 2668        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

20:45:25.0412 2668        tunnel - ok

20:45:25.0443 2668        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

20:45:25.0452 2668        uagp35 - ok

20:45:25.0479 2668        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

20:45:25.0525 2668        udfs - ok

20:45:25.0622 2668        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

20:45:25.0670 2668        UI0Detect - ok

20:45:25.0786 2668        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

20:45:25.0797 2668        uliagpkx - ok

20:45:25.0895 2668        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

20:45:25.0915 2668        umbus - ok

20:45:25.0972 2668        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

20:45:26.0004 2668        UmPass - ok

20:45:26.0079 2668        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

20:45:26.0092 2668        UmRdpService - ok

20:45:26.0137 2668        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

20:45:26.0174 2668        upnphost - ok

20:45:26.0244 2668        usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys

20:45:26.0262 2668        usbccgp - ok

20:45:26.0296 2668        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

20:45:26.0318 2668        usbcir - ok

20:45:26.0386 2668        usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys

20:45:26.0408 2668        usbehci - ok

20:45:26.0429 2668        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

20:45:26.0464 2668        usbhub - ok

20:45:26.0494 2668        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

20:45:26.0515 2668        usbohci - ok

20:45:26.0595 2668        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

20:45:26.0610 2668        usbprint - ok

20:45:26.0646 2668        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

20:45:26.0660 2668        usbscan - ok

20:45:26.0707 2668        USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS

20:45:26.0731 2668        USBSTOR - ok

20:45:26.0774 2668        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

20:45:26.0798 2668        usbuhci - ok

20:45:26.0821 2668        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

20:45:26.0849 2668        UxSms - ok

20:45:26.0887 2668        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

20:45:26.0897 2668        VaultSvc - ok

20:45:26.0974 2668        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

20:45:26.0985 2668        vdrvroot - ok

20:45:27.0022 2668        vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

20:45:27.0048 2668        vds - ok

20:45:27.0090 2668        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

20:45:27.0116 2668        vga - ok

20:45:27.0157 2668        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

20:45:27.0183 2668        VgaSave - ok

20:45:27.0218 2668        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

20:45:27.0228 2668        vhdmp - ok

20:45:27.0282 2668        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

20:45:27.0293 2668        viaagp - ok

20:45:27.0359 2668        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

20:45:27.0387 2668        ViaC7 - ok

20:45:27.0408 2668        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

20:45:27.0418 2668        viaide - ok

20:45:27.0479 2668        vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

20:45:27.0491 2668        vmbus - ok

20:45:27.0627 2668        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

20:45:27.0638 2668        VMBusHID - ok

20:45:27.0744 2668        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

20:45:27.0754 2668        volmgr - ok

20:45:27.0809 2668        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

20:45:27.0824 2668        volmgrx - ok

20:45:27.0912 2668        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

20:45:27.0926 2668        volsnap - ok

20:45:27.0997 2668        vpnagent        (0e097e4d63e39fd2583db1cf5cfe3ad5) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

20:45:28.0012 2668        vpnagent - ok

20:45:28.0112 2668        vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys

20:45:28.0119 2668        vpnva - ok

20:45:28.0166 2668        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

20:45:28.0178 2668        vsmraid - ok

20:45:28.0233 2668        VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

20:45:28.0281 2668        VSS - ok

20:45:28.0352 2668        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

20:45:28.0371 2668        vwifibus - ok

20:45:28.0399 2668        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

20:45:28.0431 2668        W32Time - ok

20:45:28.0450 2668        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

20:45:28.0465 2668        WacomPen - ok

20:45:28.0555 2668        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

20:45:28.0581 2668        WANARP - ok

20:45:28.0584 2668        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

20:45:28.0604 2668        Wanarpv6 - ok

20:45:28.0664 2668        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

20:45:28.0712 2668        wbengine - ok

20:45:28.0777 2668        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

20:45:28.0805 2668        WbioSrvc - ok

20:45:28.0851 2668        wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

20:45:28.0882 2668        wcncsvc - ok

20:45:28.0937 2668        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

20:45:28.0962 2668        WcsPlugInService - ok

20:45:29.0001 2668        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

20:45:29.0009 2668        Wd - ok

20:45:29.0050 2668        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

20:45:29.0069 2668        Wdf01000 - ok

20:45:29.0093 2668        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

20:45:29.0147 2668        WdiServiceHost - ok

20:45:29.0150 2668        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

20:45:29.0165 2668        WdiSystemHost - ok

20:45:29.0238 2668        WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

20:45:29.0259 2668        WebClient - ok

20:45:29.0289 2668        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

20:45:29.0318 2668        Wecsvc - ok

20:45:29.0334 2668        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

20:45:29.0373 2668        wercplsupport - ok

20:45:29.0411 2668        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

20:45:29.0434 2668        WerSvc - ok

20:45:29.0506 2668        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

20:45:29.0533 2668        WfpLwf - ok

20:45:29.0552 2668        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

20:45:29.0562 2668        WIMMount - ok

20:45:29.0637 2668        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

20:45:29.0670 2668        WinDefend - ok

20:45:29.0674 2668        WinHttpAutoProxySvc - ok

20:45:29.0734 2668        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

20:45:29.0779 2668        Winmgmt - ok

20:45:29.0840 2668        WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

20:45:29.0911 2668        WinRM - ok

20:45:30.0001 2668        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

20:45:30.0025 2668        WinUsb - ok

20:45:30.0081 2668        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

20:45:30.0120 2668        Wlansvc - ok

20:45:30.0239 2668        wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:45:30.0274 2668        wlidsvc - ok

20:45:30.0364 2668        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

20:45:30.0376 2668        WmiAcpi - ok

20:45:30.0416 2668        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

20:45:30.0438 2668        wmiApSrv - ok

20:45:30.0520 2668        WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

20:45:30.0565 2668        WMPNetworkSvc - ok

20:45:30.0610 2668        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

20:45:30.0652 2668        WPCSvc - ok

20:45:30.0694 2668        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

20:45:30.0724 2668        WPDBusEnum - ok

20:45:30.0795 2668        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

20:45:30.0827 2668        ws2ifsl - ok

20:45:30.0862 2668        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

20:45:30.0884 2668        wscsvc - ok

20:45:30.0918 2668        WSearch - ok

20:45:30.0995 2668        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

20:45:31.0043 2668        wuauserv - ok

20:45:31.0199 2668        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

20:45:31.0225 2668        WudfPf - ok

20:45:31.0304 2668        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:45:31.0330 2668        WUDFRd - ok

20:45:31.0387 2668        wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

20:45:31.0414 2668        wudfsvc - ok

20:45:31.0440 2668        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

20:45:31.0461 2668        WwanSvc - ok

20:45:31.0486 2668        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:45:31.0535 2668        \Device\Harddisk0\DR0 - ok

20:45:31.0538 2668        Boot (0x1200)   (e57cb482847bd2d2945b98cc83655df2) \Device\Harddisk0\DR0\Partition0

20:45:31.0539 2668        \Device\Harddisk0\DR0\Partition0 - ok

20:45:31.0542 2668        ============================================================

20:45:31.0542 2668        Scan finished

20:45:31.0542 2668        ============================================================

20:45:31.0551 1008        Detected object count: 0

20:45:31.0551 1008        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-04-09.05 - Dennis 09.04.2012  22:27:00.2.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2441 [GMT 2:00]

ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-09 bis 2012-04-09  ))))))))))))))))))))))))))))))

.

.

2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Public\AppData\Local\temp

2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-04-09 18:24 . 2012-04-09 18:24        --------        d-----w-        C:\_OTL

2012-04-09 18:18 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2DDB6D0-C01D-4B4E-9400-896FDB18CE05}\mpengine.dll

2012-03-19 07:08 . 2012-03-19 07:08        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-19 07:08 . 2012-03-19 07:08        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll

2012-03-14 07:05 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 07:05 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 07:05 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-14 07:05 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-14 07:05 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-14 07:05 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-14 07:05 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-14 07:05 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-09 18:14 . 2012-01-08 20:43        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys

2012-02-23 08:18 . 2010-09-06 12:23        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-15 16:47 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2012-03-19 07:08 . 2011-05-17 17:29        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Octoshape Streaming Services"="c:\users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"Steam"="c:\program files\Steam\steam.exe" [2011-10-19 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-03-23 519632]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-03-23 77968]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]

S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 65649974

*Deregistered* - 65649974

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\c04gaci2.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,90,94,58,f5,f0,a2,cc,3d,84,a1,f2,f1,f3,c1,60,94,2c,63,62,f7,

   b9,75,2a,c6,f6,7d,29,ef,52,a1,cd,5c,c0,d3,a8,70,f7,1f,61,d3,1f,68,91,34,df,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-04-09  22:32:59

ComboFix-quarantined-files.txt  2012-04-09 20:32

ComboFix2.txt  2012-02-06 00:18

.

Vor Suchlauf: 10 Verzeichnis(se), 12.827.287.552 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 12.545.220.608 Bytes frei

.

- - End Of File - - 63FFD6C536FDB1B7C4537B923A254FB5

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hier schonmal GMER. Rest folgt dann gleich.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-04-10 12:01:53

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6 ExcelStor_Technology_J8080S rev.P21OAB3A

Running: v48gv8xu.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKey + 13D1             82C4E369 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C87D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91412000, 0x352E10, 0xE8000020]

.text           C:\Windows\system32\DRIVERS\atksgt.sys    section is writeable [0x91DAE300, 0x3B6D8, 0xE8000020]

.text           C:\Windows\system32\DRIVERS\lirsgt.sys    section is writeable [0x91DF1300, 0x1BEE, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume17   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume17   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\00000049         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Disk sectors - GMER 1.0.15 ----
 

Disk            \Device\Harddisk0\DR0                     malicious Win32:MBRoot code @ sector 61

Disk            \Device\Harddisk0\DR0                     PE file @ sector 160810650
 

---- EOF - GMER 1.0.15 ----

Hier OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 12:05:31 on 10.04.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock.sys

"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys  (File not found)

"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"pwdirpog" (pwdirpog) - ? - C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys  (Hidden registry entry, rootkit activity | File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Octoshape Streaming Services" - "Octoshape ApS" - "C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

"Steam" - "Valve Corporation" - "C:\Program Files\Steam\steam.exe" -silent

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-10 12:07:12

-----------------------------

12:07:12.264    OS Version: Windows 6.1.7601 Service Pack 1

12:07:12.264    Number of processors: 2 586 0x1706

12:07:12.265    ComputerName: DENNIS-PC  UserName: Dennis

12:07:13.057    Initialize success

12:09:37.854    AVAST engine defs: 12041001

12:09:46.920    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6

12:09:46.923    Disk 0 Vendor: ExcelStor_Technology_J8080S P21OAB3A Size: 78533MB BusType: 3

12:09:46.944    Disk 0 MBR read successfully

12:09:46.947    Disk 0 MBR scan

12:09:46.951    Disk 0 Windows 7 default MBR code

12:09:46.954    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        78520 MB offset 63

12:09:46.959    Disk 0 malicious Win32:MBRoot code @ sector 61 !

12:09:46.984    Disk 0 PE file @ sector 160810650 !

12:09:47.025    Disk 0 scanning C:\Windows\system32\drivers

12:10:06.509    Service scanning

12:10:28.143    Modules scanning

12:10:50.689    Disk 0 trace - called modules:

12:10:50.712    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 

12:10:51.039    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863512e0]

12:10:51.045    3 CLASSPNP.SYS[8bddc59e] -> nt!IofCallDriver -> [0x85e90918]

12:10:51.050    5 ACPI.sys[8b8bb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0x86293908]

12:10:51.392    AVAST engine scan C:\Windows

12:10:54.766    AVAST engine scan C:\Windows\system32

12:13:00.559    AVAST engine scan C:\Windows\system32\drivers

12:13:10.494    AVAST engine scan C:\Users\Dennis

12:14:56.579    AVAST engine scan C:\ProgramData

12:19:30.362    Scan finished successfully

12:22:16.471    Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Desktop\MBR.dat"

12:22:16.475    The log file has been saved successfully to "C:\Users\Dennis\Desktop\aswMBR.txt"