Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows blockiert // OTL Files am Start (https://www.trojaner-board.de/112599-windows-blockiert-otl-files-start.html)

silber51 29.03.2012 17:56

Windows blockiert // OTL Files am Start
 
Moin,

wie der Titel schon sagt, habe ich ebenfalls diesen beliebten Schädling.
Habe ihn nun zum zweiten mal innerhalb von 3 Monaten, deswegen habe ich den Verdacht, dass ich ihn beim letzten Mal nicht richtig entfernt habe.

Bin direkt nach seinem Erscheinen in den abgesicherten Modus und habe Malwarebytes Antimalware laufen lassen. Das hat auch 3 infizierteObjekte gefunden und gelöscht, s.d. ich mittlerweile wieder in mein Benutzerkonto komme ( Mein Pc wird also nicht mehr blockiert). Trotzdem habe ich auch mal OTL laufen lassen, mit den Einstellungen, die ihr hier immer als erstes empfehlt.

Ich antworte mal mit den OTL Files.

OTL Logfile:
Code:

OTL logfile created on: 29.03.2012 18:21:00 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Dennis\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,42% Memory free
8,12 Gb Paging File | 7,29 Gb Available in Paging File | 89,82% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 10,61 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 18:19:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.04.20 05:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 11:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/06/06 20:58:38] [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.04.03 17:24:01 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.03 17:24:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.03.24 00:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.03.24 00:25:14 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.10.27 04:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.09.24 14:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.09.06 14:19:10 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.10.30 10:21:03 | 000,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2008.05.20 15:29:43 | 000,052,032 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 60 AC F6 BC 4D CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ADCB2150-C46E-4F20-9CF5-7642C5AEE6EA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 09:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 22:12:02 | 000,000,000 | ---D | M]
 
[2010.09.06 14:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2010.10.19 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\c04gaci2.default\extensions
[2012.02.20 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.03.19 09:08:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [SkypePM] C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A054398A-656C-4972-BB58-99CE217F7E34}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.10 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.03.10 14:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.thumbnails
[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\gegl-0.0
[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.gimp-2.6
[2012.03.10 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.03.10 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012.03.10 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.03.10 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\100MSDCF
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 18:23:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.03.29 18:22:00 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.29 18:22:00 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.29 18:22:00 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.29 18:22:00 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.29 18:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.29 18:17:12 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 17:24:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 17:24:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 19:01:08 | 000,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.03.10 14:25:39 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.10 14:49:50 | 000,002,112 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2012.03.10 14:25:39 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.02.06 02:09:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.06 02:09:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.06 02:09:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.06 02:09:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.06 02:09:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.15 18:41:18 | 000,000,215 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.06.29 22:58:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.21 21:38:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.03 17:24:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.04.03 17:24:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.08 00:42:06 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2010.09.22 20:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.09.06 14:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.03.29 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape
[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.03.27 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV
[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client
[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft
[2012.03.05 19:01:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.06 02:18:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.09.06 14:12:57 | 000,000,000 | ---D | M] -- C:\ATI
[2012.01.15 19:01:02 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.06 14:09:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.10 14:25:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.08 22:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.06 14:09:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.06 02:18:31 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.09.06 14:09:44 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.03.27 08:52:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.06 14:09:52 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.06 02:17:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.03.29 18:35:36 | 004,194,304 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT
[2012.03.29 18:35:36 | 000,262,144 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG1
[2010.09.06 14:09:55 | 000,000,000 | -HS- | M] () -- C:\Users\Dennis\ntuser.dat.LOG2
[2010.09.06 15:01:11 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.06 15:01:11 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 15:01:11 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.06 14:09:55 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.03.2012 18:21:00 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Dennis\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,42% Memory free
8,12 Gb Paging File | 7,29 Gb Available in Paging File | 89,82% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 10,61 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{258236B1-6DFE-7363-E4C3-CDC6FCC03BF6}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{3595DD89-873E-6911-4AF0-47542B5C8073}" = ATI Catalyst Install Manager
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB05083-3621-D206-CB9B-68E8CDB139AD}" = CCC Help English
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C36BD6F-3C93-3ED7-A4EA-2D1D9A6E215B}" = Catalyst Control Center Graphics Previews Common
"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C457CDB-18B2-E0AA-F2DD-5A69AE2C0505}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AABB8DC0-EAD9-AB1A-481D-0780B0277FF7}" = AMD Drag and Drop Transcoding
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC84BA9D-B8B1-5723-ABE0-6BD8EA698A3F}" = WMV9/VC-1 Video Playback
"{ADA6637C-88B5-D2D6-E017-8F7C000CAC3E}" = ccc-core-static
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F90F9BCF-5138-4398-9F51-31DB55E940A4}" = UGS NX 7.5 Documentation
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GPL Ghostscript" = GPL Ghostscript
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PDF Blender" = PDF Blender
"RayV" = DTVblizzcon
"sp6" = Logitech SetPoint 6.32
"StarCraft II" = StarCraft II
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 17:16:23 | Computer Name = Dennis-PC | Source = Wudf01000 | ID = 921877
Description =
 
Error - 14.11.2011 17:16:35 | Computer Name = Dennis-PC | Source = NtServicePack | ID = 921877
Description =
 
Error - 14.11.2011 17:30:29 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.11.2011 17:43:02 | Computer Name = Dennis-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 14.11.2011 17:44:09 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 21.11.2011 17:47:09 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8fc    Startzeit:
01cca88ba46406b1    Endzeit: 25    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 5a029c06-148a-11e1-951a-001e8ca813b0 
 
Error - 15.01.2012 13:01:19 | Computer Name = Dennis-PC | Source = ESENT | ID = 215
Description = WinMail (3532) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 29.01.2012 17:01:44 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.4.2.20141 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: eb4    Startzeit:
01ccdec53e8bd6ad    Endzeit: 58    Anwendungspfad: C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe

Berichts-ID:
 6ff742d0-4abc-11e1-ba5f-001e8ca813b0 
 
Error - 05.02.2012 19:58:42 | Computer Name = Dennis-PC | Source = System Restore | ID = 8193
Description =
 
Error - 23.03.2012 13:09:48 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: xul.dll, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecb27  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009f9e49  ID des fehlerhaften
 Prozesses: 0x1194  Startzeit der fehlerhaften Anwendung: 0x01cd0917bf4bb958  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung:
 fe454b22-750a-11e1-9841-001e8ca813b0
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE
 
Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE
 
Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4156
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar. 
 
Error - 29.03.2012 11:17:10 | Computer Name = Dennis-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1020 NULL object. Cannot establish a connection at this time.
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen. 
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen. 
 
Error - 29.03.2012 11:48:01 | Computer Name = Dennis-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
[ System Events ]
Error - 29.03.2012 12:24:33 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:26:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:31:41 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.03.2012 12:33:47 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

--- --- ---

hoch damit!

cosinus 29.03.2012 22:16

Ohne die Logs von Malwarebytes und Co wird das hier nichts. :glaskugel:
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

silber51 30.03.2012 09:10

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Dennis :: DENNIS-PC [Administrator]

29.03.2012 18:24:21
mbam-log-2012-03-29 (18-24-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198331
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Trojan.Agent) -> Daten: C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dennis\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Local\Temp\cgs8h0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 30.03.2012 12:06

Zwei Fragen:

1.) Funktioniert der normale Modus wieder?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

silber51 30.03.2012 14:06

Wie gesagt, der normale funktioniert wieder. Im Startmenü vermisse ich nichts, da sind auch keine leeren Ordner.

cosinus 30.03.2012 15:43

Gut, ich muss mich nur vorher vergewissern ;)
Mach bitte im normalen Modus ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


silber51 31.03.2012 08:12

Code:

OTL logfile created on: 31.03.2012 08:55:06 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Dennis\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 75,20% Memory free
8,12 Gb Paging File | 7,18 Gb Available in Paging File | 88,46% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 11,25 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 18:19:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe
PRC - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2011.10.19 17:39:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.03.24 00:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.27 04:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.21 20:00:26 | 020,297,512 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.03.21 20:00:24 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.03.21 20:00:24 | 000,907,048 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.03.21 20:00:24 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.03.21 20:00:24 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.02.19 11:05:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.19 11:05:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.19 11:05:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.19 11:05:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.19 11:04:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.19 11:04:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.19 11:04:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.01.16 11:04:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.26 23:45:26 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.21 20:00:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.27 04:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.04.03 17:24:01 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.03 17:24:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.03.24 00:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.03.24 00:25:14 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.10.27 05:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.10.27 04:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.09.24 14:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 60 AC F6 BC 4D CB 01  [binary data]
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\..\SearchScopes\{ADCB2150-C46E-4F20-9CF5-7642C5AEE6EA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.29 19:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.29 19:19:54 | 000,000,000 | ---D | M]
 
[2010.09.06 14:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2010.10.19 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\c04gaci2.default\extensions
[2012.02.20 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.03.19 09:08:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000..\Run: [Octoshape Streaming Services] C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A054398A-656C-4972-BB58-99CE217F7E34}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 19:20:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.03.29 19:19:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.29 19:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.10 14:28:49 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.03.10 14:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.thumbnails
[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\gegl-0.0
[2012.03.10 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\.gimp-2.6
[2012.03.10 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.03.10 14:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012.03.10 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.03.10 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\100MSDCF
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.31 08:33:06 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 08:33:06 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 08:31:49 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.31 08:31:49 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.31 08:31:49 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.31 08:31:49 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.31 08:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.31 08:25:45 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 19:10:49 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.03.14 19:01:08 | 000,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 14:49:50 | 000,002,112 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.03.10 14:25:39 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.29 19:10:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.03.29 19:10:49 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.03.10 14:49:50 | 000,002,112 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2012.03.10 14:25:39 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.02.06 02:09:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.06 02:09:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.06 02:09:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.06 02:09:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.06 02:09:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.15 18:41:18 | 000,000,215 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.06.29 22:58:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.21 21:38:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.03 17:24:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.04.03 17:24:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.08 00:42:06 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2010.09.22 20:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.09.06 14:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.03.29 19:08:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape
[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.03.29 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV
[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client
[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft
[2012.03.05 19:01:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.09 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2010.09.28 13:43:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2010.09.06 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI
[2011.06.06 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2010.11.04 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GRETECH
[2012.03.10 14:49:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.03.29 19:08:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.09.06 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2012.01.08 22:43:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2012.01.08 22:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Logishrd
[2012.01.08 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Logitech
[2010.09.06 15:06:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2011.10.01 00:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2012.01.08 22:43:38 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2010.10.09 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Octoshape
[2010.10.10 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.03.29 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RayV
[2011.11.09 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Real
[2011.11.14 23:22:14 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM
[2011.09.17 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sun
[2010.09.06 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\teamspeak2
[2011.12.16 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TS3Client
[2011.04.03 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ubisoft
[2011.11.09 12:03:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2010.09.09 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\GRETECH\GomTVStreamer\GrLauncher.exe
[2011.07.12 21:57:56 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.09.26 19:26:43 | 000,348,160 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2012.01.08 22:43:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

Übrigens bin ich ab heute abend bis Ostern in Urlaub, kann also nicht an meinen PC.

cosinus 02.04.2012 09:32

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:

:OTL
[2011.09.06 17:25:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

silber51 09.04.2012 19:29

So bin wieder da. Habe gemacht, was du gesagt hast:


Code:

All processes killed
========== OTL ==========
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 27812250 bytes
->Temporary Internet Files folder emptied: 26162236 bytes
->Java cache emptied: 1214806 bytes
->FireFox cache emptied: 356470637 bytes
->Flash cache emptied: 4237754 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108696 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 397,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Dennis
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04092012_202431

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 09.04.2012 19:36

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

silber51 09.04.2012 19:46

Code:

20:44:34.0427 0572        TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37
20:44:34.0551 0572        ============================================================
20:44:34.0551 0572        Current date / time: 2012/04/09 20:44:34.0551
20:44:34.0551 0572        SystemInfo:
20:44:34.0551 0572       
20:44:34.0551 0572        OS Version: 6.1.7601 ServicePack: 1.0
20:44:34.0551 0572        Product type: Workstation
20:44:34.0551 0572        ComputerName: DENNIS-PC
20:44:34.0551 0572        UserName: Dennis
20:44:34.0551 0572        Windows directory: C:\Windows
20:44:34.0551 0572        System windows directory: C:\Windows
20:44:34.0552 0572        Processor architecture: Intel x86
20:44:34.0552 0572        Number of processors: 2
20:44:34.0552 0572        Page size: 0x1000
20:44:34.0552 0572        Boot type: Normal boot
20:44:34.0552 0572        ============================================================
20:44:35.0535 0572        Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:44:35.0536 0572        \Device\Harddisk0\DR0:
20:44:35.0537 0572        MBR used
20:44:35.0537 0572        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
20:44:35.0568 0572        Initialize success
20:44:35.0568 0572        ============================================================
20:44:57.0085 2668        ============================================================
20:44:57.0085 2668        Scan started
20:44:57.0085 2668        Mode: Manual; SigCheck; TDLFS;
20:44:57.0085 2668        ============================================================
20:44:57.0513 2668        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:44:57.0601 2668        1394ohci - ok
20:44:57.0658 2668        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:44:57.0673 2668        ACPI - ok
20:44:57.0763 2668        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:44:57.0813 2668        AcpiPmi - ok
20:44:57.0879 2668        acsock          (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys
20:44:58.0226 2668        acsock - ok
20:44:58.0326 2668        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:44:58.0346 2668        adp94xx - ok
20:44:58.0408 2668        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:44:58.0424 2668        adpahci - ok
20:44:58.0459 2668        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:44:58.0472 2668        adpu320 - ok
20:44:58.0522 2668        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:44:58.0560 2668        AeLookupSvc - ok
20:44:58.0652 2668        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:44:58.0699 2668        AFD - ok
20:44:58.0746 2668        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:44:58.0756 2668        agp440 - ok
20:44:58.0822 2668        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:44:58.0833 2668        aic78xx - ok
20:44:58.0878 2668        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:44:58.0911 2668        ALG - ok
20:44:58.0968 2668        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:44:58.0978 2668        aliide - ok
20:44:59.0048 2668        AMD External Events Utility (9ca186a6b4b2936246f5a13dcf6138a0) C:\Windows\system32\atiesrxx.exe
20:44:59.0092 2668        AMD External Events Utility - ok
20:44:59.0121 2668        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:44:59.0132 2668        amdagp - ok
20:44:59.0181 2668        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:44:59.0191 2668        amdide - ok
20:44:59.0249 2668        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:44:59.0294 2668        AmdK8 - ok
20:44:59.0496 2668        amdkmdag        (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
20:44:59.0694 2668        amdkmdag - ok
20:44:59.0799 2668        amdkmdap        (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys
20:44:59.0828 2668        amdkmdap - ok
20:44:59.0870 2668        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:44:59.0909 2668        AmdPPM - ok
20:44:59.0990 2668        amdsata        (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
20:45:00.0002 2668        amdsata - ok
20:45:00.0019 2668        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:45:00.0031 2668        amdsbs - ok
20:45:00.0048 2668        amdxata        (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
20:45:00.0056 2668        amdxata - ok
20:45:00.0104 2668        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:45:00.0185 2668        AppID - ok
20:45:00.0267 2668        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:45:00.0300 2668        AppIDSvc - ok
20:45:00.0335 2668        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
20:45:00.0365 2668        Appinfo - ok
20:45:00.0441 2668        Apple Mobile Device (367592efca7ff8b4ce11ab6b0744e1e2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:45:00.0450 2668        Apple Mobile Device - ok
20:45:00.0506 2668        Application Updater (df7f37f2a23bd1b3a6721b328355dc91) C:\Program Files\Application Updater\ApplicationUpdater.exe
20:45:00.0523 2668        Application Updater - ok
20:45:00.0607 2668        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:45:00.0638 2668        AppMgmt - ok
20:45:00.0702 2668        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:45:00.0713 2668        arc - ok
20:45:00.0730 2668        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:45:00.0741 2668        arcsas - ok
20:45:00.0790 2668        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:00.0886 2668        AsyncMac - ok
20:45:00.0973 2668        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:45:00.0983 2668        atapi - ok
20:45:01.0021 2668        AtcL001        (3d8880a2cf21dcc057c8d9a194c41f10) C:\Windows\system32\DRIVERS\l160x86.sys
20:45:01.0049 2668        AtcL001 - ok
20:45:01.0178 2668        AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
20:45:01.0186 2668        AtiHDAudioService - ok
20:45:01.0380 2668        atikmdag        (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys
20:45:01.0457 2668        atikmdag - ok
20:45:01.0595 2668        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
20:45:01.0605 2668        atksgt - ok
20:45:01.0658 2668        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:45:01.0694 2668        AudioEndpointBuilder - ok
20:45:01.0701 2668        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
20:45:01.0725 2668        Audiosrv - ok
20:45:01.0807 2668        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
20:45:01.0856 2668        AxInstSV - ok
20:45:01.0914 2668        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:45:01.0950 2668        b06bdrv - ok
20:45:02.0039 2668        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:45:02.0052 2668        b57nd60x - ok
20:45:02.0091 2668        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:45:02.0143 2668        BDESVC - ok
20:45:02.0226 2668        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:45:02.0259 2668        Beep - ok
20:45:02.0328 2668        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
20:45:02.0368 2668        BFE - ok
20:45:02.0448 2668        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
20:45:02.0495 2668        BITS - ok
20:45:02.0536 2668        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:45:02.0559 2668        blbdrive - ok
20:45:02.0654 2668        Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
20:45:02.0661 2668        Bonjour Service - ok
20:45:02.0758 2668        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:45:02.0789 2668        bowser - ok
20:45:02.0815 2668        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:45:02.0860 2668        BrFiltLo - ok
20:45:02.0921 2668        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:45:02.0944 2668        BrFiltUp - ok
20:45:02.0987 2668        BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
20:45:03.0026 2668        BridgeMP - ok
20:45:03.0131 2668        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
20:45:03.0189 2668        Browser - ok
20:45:03.0246 2668        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:45:03.0301 2668        Brserid - ok
20:45:03.0348 2668        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:45:03.0376 2668        BrSerWdm - ok
20:45:03.0464 2668        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:45:03.0517 2668        BrUsbMdm - ok
20:45:03.0692 2668        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:45:03.0730 2668        BrUsbSer - ok
20:45:03.0797 2668        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:45:03.0818 2668        BTHMODEM - ok
20:45:03.0858 2668        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:45:03.0893 2668        bthserv - ok
20:45:03.0970 2668        catchme - ok
20:45:04.0044 2668        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:04.0078 2668        cdfs - ok
20:45:04.0146 2668        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:45:04.0168 2668        cdrom - ok
20:45:04.0242 2668        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:45:04.0284 2668        CertPropSvc - ok
20:45:04.0347 2668        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:45:04.0372 2668        circlass - ok
20:45:04.0430 2668        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:45:04.0445 2668        CLFS - ok
20:45:04.0498 2668        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:04.0507 2668        clr_optimization_v2.0.50727_32 - ok
20:45:04.0579 2668        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:45:04.0591 2668        CmBatt - ok
20:45:04.0622 2668        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:45:04.0632 2668        cmdide - ok
20:45:04.0692 2668        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:45:04.0715 2668        CNG - ok
20:45:04.0784 2668        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:45:04.0792 2668        Compbatt - ok
20:45:04.0836 2668        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:45:04.0865 2668        CompositeBus - ok
20:45:04.0892 2668        COMSysApp - ok
20:45:04.0912 2668        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:45:04.0920 2668        crcdisk - ok
20:45:04.0998 2668        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
20:45:05.0035 2668        CryptSvc - ok
20:45:05.0092 2668        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:45:05.0122 2668        CSC - ok
20:45:05.0182 2668        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
20:45:05.0221 2668        CscService - ok
20:45:05.0277 2668        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:45:05.0308 2668        DcomLaunch - ok
20:45:05.0351 2668        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:45:05.0386 2668        defragsvc - ok
20:45:05.0481 2668        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:45:05.0524 2668        DfsC - ok
20:45:05.0603 2668        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
20:45:05.0643 2668        Dhcp - ok
20:45:05.0716 2668        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:45:05.0753 2668        discache - ok
20:45:05.0789 2668        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:45:05.0800 2668        Disk - ok
20:45:05.0836 2668        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
20:45:05.0871 2668        Dnscache - ok
20:45:05.0933 2668        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
20:45:05.0970 2668        dot3svc - ok
20:45:06.0025 2668        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
20:45:06.0066 2668        DPS - ok
20:45:06.0148 2668        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:45:06.0171 2668        drmkaud - ok
20:45:06.0235 2668        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:06.0255 2668        DXGKrnl - ok
20:45:06.0286 2668        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:45:06.0332 2668        EapHost - ok
20:45:06.0464 2668        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:45:06.0528 2668        ebdrv - ok
20:45:06.0597 2668        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
20:45:06.0627 2668        EFS - ok
20:45:06.0684 2668        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
20:45:06.0728 2668        ehRecvr - ok
20:45:06.0770 2668        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:45:06.0800 2668        ehSched - ok
20:45:06.0891 2668        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:45:06.0910 2668        elxstor - ok
20:45:06.0959 2668        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:45:06.0987 2668        ErrDev - ok
20:45:07.0049 2668        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:45:07.0093 2668        EventSystem - ok
20:45:07.0158 2668        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:45:07.0190 2668        exfat - ok
20:45:07.0220 2668        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:45:07.0248 2668        fastfat - ok
20:45:07.0317 2668        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
20:45:07.0350 2668        Fax - ok
20:45:07.0397 2668        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:45:07.0412 2668        fdc - ok
20:45:07.0457 2668        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:45:07.0494 2668        fdPHost - ok
20:45:07.0513 2668        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:45:07.0546 2668        FDResPub - ok
20:45:07.0599 2668        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:45:07.0610 2668        FileInfo - ok
20:45:07.0646 2668        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:45:07.0688 2668        Filetrace - ok
20:45:07.0712 2668        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:07.0733 2668        flpydisk - ok
20:45:07.0781 2668        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:45:07.0794 2668        FltMgr - ok
20:45:07.0865 2668        FontCache      (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
20:45:07.0908 2668        FontCache - ok
20:45:07.0962 2668        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:45:07.0970 2668        FontCache3.0.0.0 - ok
20:45:08.0044 2668        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:45:08.0054 2668        FsDepends - ok
20:45:08.0070 2668        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:08.0080 2668        Fs_Rec - ok
20:45:08.0132 2668        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:45:08.0148 2668        fvevol - ok
20:45:08.0242 2668        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:45:08.0254 2668        gagp30kx - ok
20:45:08.0300 2668        GEARAspiWDM    (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:45:08.0307 2668        GEARAspiWDM - ok
20:45:08.0357 2668        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
20:45:08.0400 2668        gpsvc - ok
20:45:08.0478 2668        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:45:08.0512 2668        hcw85cir - ok
20:45:08.0571 2668        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:45:08.0603 2668        HdAudAddService - ok
20:45:08.0712 2668        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:45:08.0741 2668        HDAudBus - ok
20:45:08.0776 2668        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:45:08.0798 2668        HidBatt - ok
20:45:08.0820 2668        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:45:08.0851 2668        HidBth - ok
20:45:08.0916 2668        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:45:08.0930 2668        HidIr - ok
20:45:08.0954 2668        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
20:45:08.0991 2668        hidserv - ok
20:45:09.0051 2668        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:09.0063 2668        HidUsb - ok
20:45:09.0137 2668        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
20:45:09.0170 2668        hkmsvc - ok
20:45:09.0207 2668        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
20:45:09.0234 2668        HomeGroupListener - ok
20:45:09.0268 2668        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
20:45:09.0302 2668        HomeGroupProvider - ok
20:45:09.0398 2668        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:45:09.0409 2668        HpSAMD - ok
20:45:09.0470 2668        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:45:09.0502 2668        HTTP - ok
20:45:09.0558 2668        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:45:09.0567 2668        hwpolicy - ok
20:45:09.0651 2668        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:45:09.0676 2668        i8042prt - ok
20:45:09.0748 2668        iaStorV        (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
20:45:09.0764 2668        iaStorV - ok
20:45:09.0834 2668        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:45:09.0859 2668        idsvc - ok
20:45:09.0950 2668        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:45:09.0961 2668        iirsp - ok
20:45:10.0027 2668        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
20:45:10.0076 2668        IKEEXT - ok
20:45:10.0148 2668        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:45:10.0157 2668        intelide - ok
20:45:10.0188 2668        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:10.0208 2668        intelppm - ok
20:45:10.0229 2668        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:45:10.0272 2668        IPBusEnum - ok
20:45:10.0348 2668        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:10.0389 2668        IpFilterDriver - ok
20:45:10.0458 2668        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
20:45:10.0508 2668        iphlpsvc - ok
20:45:10.0591 2668        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:45:10.0608 2668        IPMIDRV - ok
20:45:10.0644 2668        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:45:10.0681 2668        IPNAT - ok
20:45:10.0756 2668        iPod Service    (5c7538b244e439df39388da28e0a18d1) C:\Program Files\iPod\bin\iPodService.exe
20:45:10.0774 2668        iPod Service - ok
20:45:10.0868 2668        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:45:10.0883 2668        IRENUM - ok
20:45:10.0922 2668        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:45:10.0933 2668        isapnp - ok
20:45:10.0974 2668        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:45:10.0989 2668        iScsiPrt - ok
20:45:11.0065 2668        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:45:11.0075 2668        kbdclass - ok
20:45:11.0099 2668        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:45:11.0127 2668        kbdhid - ok
20:45:11.0155 2668        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:45:11.0168 2668        KeyIso - ok
20:45:11.0184 2668        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:45:11.0194 2668        KSecDD - ok
20:45:11.0256 2668        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:45:11.0268 2668        KSecPkg - ok
20:45:11.0298 2668        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:45:11.0331 2668        KtmRm - ok
20:45:11.0373 2668        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
20:45:11.0406 2668        LanmanServer - ok
20:45:11.0482 2668        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
20:45:11.0528 2668        LanmanWorkstation - ok
20:45:11.0665 2668        LBTServ        (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:45:11.0679 2668        LBTServ - ok
20:45:11.0777 2668        LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:45:11.0785 2668        LHidFilt - ok
20:45:11.0848 2668        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
20:45:11.0855 2668        lirsgt - ok
20:45:11.0955 2668        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:11.0998 2668        lltdio - ok
20:45:12.0035 2668        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:45:12.0064 2668        lltdsvc - ok
20:45:12.0080 2668        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:45:12.0109 2668        lmhosts - ok
20:45:12.0196 2668        LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:45:12.0204 2668        LMouFilt - ok
20:45:12.0244 2668        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:45:12.0255 2668        LSI_FC - ok
20:45:12.0269 2668        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:45:12.0280 2668        LSI_SAS - ok
20:45:12.0353 2668        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:45:12.0364 2668        LSI_SAS2 - ok
20:45:12.0382 2668        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:45:12.0393 2668        LSI_SCSI - ok
20:45:12.0414 2668        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:45:12.0441 2668        luafv - ok
20:45:12.0477 2668        LUsbFilt        (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\Windows\system32\Drivers\LUsbFilt.Sys
20:45:12.0484 2668        LUsbFilt - ok
20:45:12.0519 2668        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
20:45:12.0533 2668        Mcx2Svc - ok
20:45:12.0564 2668        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:45:12.0574 2668        megasas - ok
20:45:12.0662 2668        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:45:12.0676 2668        MegaSR - ok
20:45:12.0706 2668        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:45:12.0745 2668        MMCSS - ok
20:45:12.0773 2668        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:45:12.0793 2668        Modem - ok
20:45:12.0882 2668        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:45:12.0907 2668        monitor - ok
20:45:12.0951 2668        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:12.0961 2668        mouclass - ok
20:45:13.0065 2668        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:13.0097 2668        mouhid - ok
20:45:13.0131 2668        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:45:13.0142 2668        mountmgr - ok
20:45:13.0174 2668        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:45:13.0186 2668        mpio - ok
20:45:13.0272 2668        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:45:13.0304 2668        mpsdrv - ok
20:45:13.0353 2668        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
20:45:13.0412 2668        MpsSvc - ok
20:45:13.0496 2668        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:45:13.0512 2668        MRxDAV - ok
20:45:13.0581 2668        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:13.0635 2668        mrxsmb - ok
20:45:13.0742 2668        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:13.0769 2668        mrxsmb10 - ok
20:45:13.0807 2668        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:13.0839 2668        mrxsmb20 - ok
20:45:13.0919 2668        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:45:13.0929 2668        msahci - ok
20:45:13.0955 2668        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:45:13.0967 2668        msdsm - ok
20:45:13.0990 2668        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:45:14.0014 2668        MSDTC - ok
20:45:14.0040 2668        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:45:14.0067 2668        Msfs - ok
20:45:14.0141 2668        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:45:14.0184 2668        mshidkmdf - ok
20:45:14.0215 2668        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:45:14.0222 2668        msisadrv - ok
20:45:14.0267 2668        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:45:14.0307 2668        MSiSCSI - ok
20:45:14.0345 2668        msiserver - ok
20:45:14.0403 2668        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:14.0441 2668        MSKSSRV - ok
20:45:14.0464 2668        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:14.0495 2668        MSPCLOCK - ok
20:45:14.0559 2668        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:45:14.0597 2668        MSPQM - ok
20:45:14.0622 2668        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:45:14.0634 2668        MsRPC - ok
20:45:14.0683 2668        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:45:14.0693 2668        mssmbios - ok
20:45:14.0773 2668        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:45:14.0799 2668        MSTEE - ok
20:45:14.0812 2668        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:45:14.0838 2668        MTConfig - ok
20:45:14.0853 2668        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:45:14.0863 2668        Mup - ok
20:45:14.0911 2668        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
20:45:14.0942 2668        napagent - ok
20:45:15.0014 2668        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:15.0033 2668        NativeWifiP - ok
20:45:15.0099 2668        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:45:15.0122 2668        NDIS - ok
20:45:15.0192 2668        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:45:15.0228 2668        NdisCap - ok
20:45:15.0262 2668        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:15.0296 2668        NdisTapi - ok
20:45:15.0374 2668        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:15.0399 2668        Ndisuio - ok
20:45:15.0432 2668        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:15.0457 2668        NdisWan - ok
20:45:15.0528 2668        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:45:15.0594 2668        NDProxy - ok
20:45:15.0724 2668        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:45:15.0763 2668        NetBIOS - ok
20:45:15.0828 2668        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:45:15.0872 2668        NetBT - ok
20:45:15.0938 2668        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:45:15.0950 2668        Netlogon - ok
20:45:16.0004 2668        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:45:16.0047 2668        Netman - ok
20:45:16.0090 2668        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:45:16.0137 2668        netprofm - ok
20:45:16.0215 2668        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:16.0225 2668        NetTcpPortSharing - ok
20:45:16.0334 2668        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:45:16.0344 2668        nfrd960 - ok
20:45:16.0384 2668        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
20:45:16.0427 2668        NlaSvc - ok
20:45:16.0446 2668        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:45:16.0475 2668        Npfs - ok
20:45:16.0518 2668        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:45:16.0540 2668        nsi - ok
20:45:16.0587 2668        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:45:16.0618 2668        nsiproxy - ok
20:45:16.0675 2668        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
20:45:16.0702 2668        Ntfs - ok
20:45:16.0778 2668        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:45:16.0803 2668        Null - ok
20:45:16.0847 2668        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
20:45:16.0857 2668        nvraid - ok
20:45:16.0890 2668        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
20:45:16.0903 2668        nvstor - ok
20:45:16.0977 2668        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:45:16.0989 2668        nv_agp - ok
20:45:17.0003 2668        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:45:17.0025 2668        ohci1394 - ok
20:45:17.0048 2668        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:45:17.0093 2668        p2pimsvc - ok
20:45:17.0137 2668        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:45:17.0155 2668        p2psvc - ok
20:45:17.0201 2668        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:45:17.0229 2668        Parport - ok
20:45:17.0266 2668        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:45:17.0276 2668        partmgr - ok
20:45:17.0320 2668        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:45:17.0343 2668        Parvdm - ok
20:45:17.0371 2668        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:45:17.0390 2668        PcaSvc - ok
20:45:17.0431 2668        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:45:17.0443 2668        pci - ok
20:45:17.0487 2668        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:45:17.0497 2668        pciide - ok
20:45:17.0531 2668        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:45:17.0544 2668        pcmcia - ok
20:45:17.0562 2668        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:45:17.0572 2668        pcw - ok
20:45:17.0616 2668        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:45:17.0649 2668        PEAUTH - ok
20:45:17.0717 2668        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:45:17.0760 2668        PeerDistSvc - ok
20:45:17.0838 2668        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
20:45:17.0887 2668        pla - ok
20:45:17.0968 2668        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
20:45:17.0996 2668        PlugPlay - ok
20:45:18.0031 2668        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:45:18.0051 2668        PNRPAutoReg - ok
20:45:18.0098 2668        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:45:18.0114 2668        PNRPsvc - ok
20:45:18.0155 2668        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
20:45:18.0186 2668        PolicyAgent - ok
20:45:18.0215 2668        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
20:45:18.0242 2668        Power - ok
20:45:18.0319 2668        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:18.0352 2668        PptpMiniport - ok
20:45:18.0376 2668        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:45:18.0398 2668        Processor - ok
20:45:18.0455 2668        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
20:45:18.0484 2668        ProfSvc - ok
20:45:18.0546 2668        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:45:18.0558 2668        ProtectedStorage - ok
20:45:18.0614 2668        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:45:18.0652 2668        Psched - ok
20:45:18.0704 2668        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:45:18.0734 2668        ql2300 - ok
20:45:18.0807 2668        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:45:18.0818 2668        ql40xx - ok
20:45:18.0861 2668        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:45:18.0892 2668        QWAVE - ok
20:45:18.0955 2668        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:45:18.0970 2668        QWAVEdrv - ok
20:45:18.0990 2668        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:19.0017 2668        RasAcd - ok
20:45:19.0053 2668        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:45:19.0094 2668        RasAgileVpn - ok
20:45:19.0157 2668        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:45:19.0186 2668        RasAuto - ok
20:45:19.0236 2668        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:19.0277 2668        Rasl2tp - ok
20:45:19.0365 2668        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
20:45:19.0404 2668        RasMan - ok
20:45:19.0460 2668        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:19.0498 2668        RasPppoe - ok
20:45:19.0548 2668        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:19.0581 2668        RasSstp - ok
20:45:19.0616 2668        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:19.0650 2668        rdbss - ok
20:45:19.0689 2668        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:45:19.0711 2668        rdpbus - ok
20:45:19.0767 2668        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:19.0807 2668        RDPCDD - ok
20:45:19.0846 2668        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:45:19.0873 2668        RDPDR - ok
20:45:19.0967 2668        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:45:19.0998 2668        RDPENCDD - ok
20:45:20.0014 2668        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:45:20.0033 2668        RDPREFMP - ok
20:45:20.0072 2668        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
20:45:20.0099 2668        RDPWD - ok
20:45:20.0206 2668        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:45:20.0218 2668        rdyboost - ok
20:45:20.0236 2668        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:45:20.0276 2668        RemoteAccess - ok
20:45:20.0308 2668        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:45:20.0338 2668        RemoteRegistry - ok
20:45:20.0384 2668        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:45:20.0413 2668        RpcEptMapper - ok
20:45:20.0439 2668        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:45:20.0464 2668        RpcLocator - ok
20:45:20.0501 2668        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:45:20.0528 2668        RpcSs - ok
20:45:20.0605 2668        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:20.0633 2668        rspndr - ok
20:45:20.0676 2668        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:45:20.0705 2668        s3cap - ok
20:45:20.0770 2668        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:45:20.0783 2668        SamSs - ok
20:45:20.0821 2668        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:45:20.0833 2668        sbp2port - ok
20:45:20.0869 2668        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:45:20.0907 2668        SCardSvr - ok
20:45:20.0971 2668        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:45:21.0001 2668        scfilter - ok
20:45:21.0053 2668        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
20:45:21.0090 2668        Schedule - ok
20:45:21.0157 2668        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:45:21.0181 2668        SCPolicySvc - ok
20:45:21.0204 2668        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
20:45:21.0235 2668        SDRSVC - ok
20:45:21.0287 2668        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:45:21.0315 2668        secdrv - ok
20:45:21.0370 2668        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:45:21.0401 2668        seclogon - ok
20:45:21.0417 2668        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
20:45:21.0453 2668        SENS - ok
20:45:21.0491 2668        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:45:21.0513 2668        SensrSvc - ok
20:45:21.0593 2668        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:45:21.0621 2668        Serenum - ok
20:45:21.0641 2668        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:45:21.0658 2668        Serial - ok
20:45:21.0763 2668        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:45:21.0791 2668        sermouse - ok
20:45:21.0840 2668        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
20:45:21.0886 2668        SessionEnv - ok
20:45:21.0965 2668        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:45:21.0990 2668        sffdisk - ok
20:45:22.0012 2668        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:45:22.0037 2668        sffp_mmc - ok
20:45:22.0055 2668        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:45:22.0069 2668        sffp_sd - ok
20:45:22.0098 2668        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:45:22.0124 2668        sfloppy - ok
20:45:22.0209 2668        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:45:22.0239 2668        SharedAccess - ok
20:45:22.0279 2668        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
20:45:22.0318 2668        ShellHWDetection - ok
20:45:22.0397 2668        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:45:22.0408 2668        sisagp - ok
20:45:22.0462 2668        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:45:22.0472 2668        SiSRaid2 - ok
20:45:22.0487 2668        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:45:22.0498 2668        SiSRaid4 - ok
20:45:22.0564 2668        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:45:22.0591 2668        Smb - ok
20:45:22.0638 2668        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:45:22.0652 2668        SNMPTRAP - ok
20:45:22.0681 2668        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:45:22.0689 2668        spldr - ok
20:45:22.0757 2668        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
20:45:22.0794 2668        Spooler - ok
20:45:22.0883 2668        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
20:45:22.0945 2668        sppsvc - ok
20:45:23.0024 2668        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
20:45:23.0060 2668        sppuinotify - ok
20:45:23.0119 2668        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:45:23.0143 2668        srv - ok
20:45:23.0188 2668        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:45:23.0212 2668        srv2 - ok
20:45:23.0261 2668        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:23.0275 2668        srvnet - ok
20:45:23.0304 2668        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:45:23.0352 2668        SSDPSRV - ok
20:45:23.0405 2668        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:45:23.0443 2668        SstpSvc - ok
20:45:23.0497 2668        Steam Client Service - ok
20:45:23.0591 2668        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:45:23.0602 2668        stexstor - ok
20:45:23.0642 2668        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
20:45:23.0675 2668        StiSvc - ok
20:45:23.0711 2668        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:45:23.0721 2668        storflt - ok
20:45:23.0771 2668        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
20:45:23.0796 2668        StorSvc - ok
20:45:23.0841 2668        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:45:23.0851 2668        storvsc - ok
20:45:23.0871 2668        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:45:23.0881 2668        swenum - ok
20:45:23.0910 2668        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:45:23.0943 2668        swprv - ok
20:45:24.0026 2668        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
20:45:24.0055 2668        SysMain - ok
20:45:24.0098 2668        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
20:45:24.0125 2668        TabletInputService - ok
20:45:24.0204 2668        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
20:45:24.0228 2668        TapiSrv - ok
20:45:24.0254 2668        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:45:24.0283 2668        TBS - ok
20:45:24.0354 2668        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:45:24.0389 2668        Tcpip - ok
20:45:24.0441 2668        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:24.0465 2668        TCPIP6 - ok
20:45:24.0509 2668        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:45:24.0542 2668        tcpipreg - ok
20:45:24.0590 2668        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:45:24.0611 2668        TDPIPE - ok
20:45:24.0644 2668        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
20:45:24.0653 2668        TDTCP - ok
20:45:24.0716 2668        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:45:24.0750 2668        tdx - ok
20:45:24.0792 2668        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:45:24.0800 2668        TermDD - ok
20:45:24.0843 2668        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
20:45:24.0876 2668        TermService - ok
20:45:24.0927 2668        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:45:24.0940 2668        Themes - ok
20:45:24.0971 2668        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:45:24.0992 2668        THREADORDER - ok
20:45:25.0002 2668        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:45:25.0030 2668        TrkWks - ok
20:45:25.0076 2668        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
20:45:25.0103 2668        TrustedInstaller - ok
20:45:25.0179 2668        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:25.0199 2668        tssecsrv - ok
20:45:25.0245 2668        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:45:25.0271 2668        TsUsbFlt - ok
20:45:25.0379 2668        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:25.0412 2668        tunnel - ok
20:45:25.0443 2668        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:45:25.0452 2668        uagp35 - ok
20:45:25.0479 2668        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:45:25.0525 2668        udfs - ok
20:45:25.0622 2668        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:45:25.0670 2668        UI0Detect - ok
20:45:25.0786 2668        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:45:25.0797 2668        uliagpkx - ok
20:45:25.0895 2668        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:45:25.0915 2668        umbus - ok
20:45:25.0972 2668        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:45:26.0004 2668        UmPass - ok
20:45:26.0079 2668        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
20:45:26.0092 2668        UmRdpService - ok
20:45:26.0137 2668        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:45:26.0174 2668        upnphost - ok
20:45:26.0244 2668        usbccgp        (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
20:45:26.0262 2668        usbccgp - ok
20:45:26.0296 2668        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:45:26.0318 2668        usbcir - ok
20:45:26.0386 2668        usbehci        (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
20:45:26.0408 2668        usbehci - ok
20:45:26.0429 2668        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
20:45:26.0464 2668        usbhub - ok
20:45:26.0494 2668        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
20:45:26.0515 2668        usbohci - ok
20:45:26.0595 2668        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:26.0610 2668        usbprint - ok
20:45:26.0646 2668        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:26.0660 2668        usbscan - ok
20:45:26.0707 2668        USBSTOR        (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
20:45:26.0731 2668        USBSTOR - ok
20:45:26.0774 2668        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
20:45:26.0798 2668        usbuhci - ok
20:45:26.0821 2668        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:45:26.0849 2668        UxSms - ok
20:45:26.0887 2668        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:45:26.0897 2668        VaultSvc - ok
20:45:26.0974 2668        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:45:26.0985 2668        vdrvroot - ok
20:45:27.0022 2668        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
20:45:27.0048 2668        vds - ok
20:45:27.0090 2668        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:27.0116 2668        vga - ok
20:45:27.0157 2668        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:45:27.0183 2668        VgaSave - ok
20:45:27.0218 2668        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:45:27.0228 2668        vhdmp - ok
20:45:27.0282 2668        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:45:27.0293 2668        viaagp - ok
20:45:27.0359 2668        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:45:27.0387 2668        ViaC7 - ok
20:45:27.0408 2668        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:45:27.0418 2668        viaide - ok
20:45:27.0479 2668        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:45:27.0491 2668        vmbus - ok
20:45:27.0627 2668        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:45:27.0638 2668        VMBusHID - ok
20:45:27.0744 2668        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:45:27.0754 2668        volmgr - ok
20:45:27.0809 2668        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:45:27.0824 2668        volmgrx - ok
20:45:27.0912 2668        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:45:27.0926 2668        volsnap - ok
20:45:27.0997 2668        vpnagent        (0e097e4d63e39fd2583db1cf5cfe3ad5) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:45:28.0012 2668        vpnagent - ok
20:45:28.0112 2668        vpnva          (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
20:45:28.0119 2668        vpnva - ok
20:45:28.0166 2668        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:45:28.0178 2668        vsmraid - ok
20:45:28.0233 2668        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
20:45:28.0281 2668        VSS - ok
20:45:28.0352 2668        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:45:28.0371 2668        vwifibus - ok
20:45:28.0399 2668        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:45:28.0431 2668        W32Time - ok
20:45:28.0450 2668        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:45:28.0465 2668        WacomPen - ok
20:45:28.0555 2668        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:28.0581 2668        WANARP - ok
20:45:28.0584 2668        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:28.0604 2668        Wanarpv6 - ok
20:45:28.0664 2668        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
20:45:28.0712 2668        wbengine - ok
20:45:28.0777 2668        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:45:28.0805 2668        WbioSrvc - ok
20:45:28.0851 2668        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
20:45:28.0882 2668        wcncsvc - ok
20:45:28.0937 2668        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:45:28.0962 2668        WcsPlugInService - ok
20:45:29.0001 2668        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:45:29.0009 2668        Wd - ok
20:45:29.0050 2668        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:45:29.0069 2668        Wdf01000 - ok
20:45:29.0093 2668        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:45:29.0147 2668        WdiServiceHost - ok
20:45:29.0150 2668        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:45:29.0165 2668        WdiSystemHost - ok
20:45:29.0238 2668        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
20:45:29.0259 2668        WebClient - ok
20:45:29.0289 2668        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:45:29.0318 2668        Wecsvc - ok
20:45:29.0334 2668        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:45:29.0373 2668        wercplsupport - ok
20:45:29.0411 2668        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:45:29.0434 2668        WerSvc - ok
20:45:29.0506 2668        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:45:29.0533 2668        WfpLwf - ok
20:45:29.0552 2668        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:45:29.0562 2668        WIMMount - ok
20:45:29.0637 2668        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:45:29.0670 2668        WinDefend - ok
20:45:29.0674 2668        WinHttpAutoProxySvc - ok
20:45:29.0734 2668        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:45:29.0779 2668        Winmgmt - ok
20:45:29.0840 2668        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
20:45:29.0911 2668        WinRM - ok
20:45:30.0001 2668        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:45:30.0025 2668        WinUsb - ok
20:45:30.0081 2668        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:45:30.0120 2668        Wlansvc - ok
20:45:30.0239 2668        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:45:30.0274 2668        wlidsvc - ok
20:45:30.0364 2668        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:45:30.0376 2668        WmiAcpi - ok
20:45:30.0416 2668        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:45:30.0438 2668        wmiApSrv - ok
20:45:30.0520 2668        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:45:30.0565 2668        WMPNetworkSvc - ok
20:45:30.0610 2668        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:45:30.0652 2668        WPCSvc - ok
20:45:30.0694 2668        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
20:45:30.0724 2668        WPDBusEnum - ok
20:45:30.0795 2668        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:30.0827 2668        ws2ifsl - ok
20:45:30.0862 2668        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
20:45:30.0884 2668        wscsvc - ok
20:45:30.0918 2668        WSearch - ok
20:45:30.0995 2668        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
20:45:31.0043 2668        wuauserv - ok
20:45:31.0199 2668        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:45:31.0225 2668        WudfPf - ok
20:45:31.0304 2668        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:31.0330 2668        WUDFRd - ok
20:45:31.0387 2668        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
20:45:31.0414 2668        wudfsvc - ok
20:45:31.0440 2668        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:45:31.0461 2668        WwanSvc - ok
20:45:31.0486 2668        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:45:31.0535 2668        \Device\Harddisk0\DR0 - ok
20:45:31.0538 2668        Boot (0x1200)  (e57cb482847bd2d2945b98cc83655df2) \Device\Harddisk0\DR0\Partition0
20:45:31.0539 2668        \Device\Harddisk0\DR0\Partition0 - ok
20:45:31.0542 2668        ============================================================
20:45:31.0542 2668        Scan finished
20:45:31.0542 2668        ============================================================
20:45:31.0551 1008        Detected object count: 0
20:45:31.0551 1008        Actual detected object count: 0


cosinus 09.04.2012 19:47

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

silber51 09.04.2012 21:34

Code:

ComboFix 12-04-09.05 - Dennis 09.04.2012  22:27:00.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3327.2441 [GMT 2:00]
ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-09 bis 2012-04-09  ))))))))))))))))))))))))))))))
.
.
2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Public\AppData\Local\temp
2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-09 20:32 . 2012-04-09 20:32        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2012-04-09 18:24 . 2012-04-09 18:24        --------        d-----w-        C:\_OTL
2012-04-09 18:18 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2DDB6D0-C01D-4B4E-9400-896FDB18CE05}\mpengine.dll
2012-03-19 07:08 . 2012-03-19 07:08        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 07:08 . 2012-03-19 07:08        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 07:05 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 07:05 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 07:05 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 07:05 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:05 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:05 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 07:05 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:05 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 18:14 . 2012-01-08 20:43        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-23 08:18 . 2010-09-06 12:23        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-15 16:47 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-19 07:08 . 2011-05-17 17:29        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Steam"="c:\program files\Steam\steam.exe" [2011-10-19 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-03-23 519632]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-03-23 77968]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 65649974
*Deregistered* - 65649974
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\c04gaci2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-574817108-2488322332-2404880790-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,90,94,58,f5,f0,a2,cc,3d,84,a1,f2,f1,f3,c1,60,94,2c,63,62,f7,
  b9,75,2a,c6,f6,7d,29,ef,52,a1,cd,5c,c0,d3,a8,70,f7,1f,61,d3,1f,68,91,34,df,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-09  22:32:59
ComboFix-quarantined-files.txt  2012-04-09 20:32
ComboFix2.txt  2012-02-06 00:18
.
Vor Suchlauf: 10 Verzeichnis(se), 12.827.287.552 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 12.545.220.608 Bytes frei
.
- - End Of File - - 63FFD6C536FDB1B7C4537B923A254FB5


cosinus 09.04.2012 22:14

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

silber51 10.04.2012 11:02

Hier schonmal GMER. Rest folgt dann gleich.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-10 12:01:53
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6 ExcelStor_Technology_J8080S rev.P21OAB3A
Running: v48gv8xu.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1            82C4E369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C87D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91412000, 0x352E10, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\atksgt.sys    section is writeable [0x91DAE300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys    section is writeable [0x91DF1300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume17  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume17  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                    malicious Win32:MBRoot code @ sector 61
Disk            \Device\Harddisk0\DR0                    PE file @ sector 160810650

---- EOF - GMER 1.0.15 ----

Hier OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:05:31 on 10.04.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Dennis\AppData\Local\Temp\catchme.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"pwdirpog" (pwdirpog) - ? - C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Octoshape Streaming Services" - "Octoshape ApS" - "C:\Users\Dennis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 12:07:12
-----------------------------
12:07:12.264    OS Version: Windows 6.1.7601 Service Pack 1
12:07:12.264    Number of processors: 2 586 0x1706
12:07:12.265    ComputerName: DENNIS-PC  UserName: Dennis
12:07:13.057    Initialize success
12:09:37.854    AVAST engine defs: 12041001
12:09:46.920    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6
12:09:46.923    Disk 0 Vendor: ExcelStor_Technology_J8080S P21OAB3A Size: 78533MB BusType: 3
12:09:46.944    Disk 0 MBR read successfully
12:09:46.947    Disk 0 MBR scan
12:09:46.951    Disk 0 Windows 7 default MBR code
12:09:46.954    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        78520 MB offset 63
12:09:46.959    Disk 0 malicious Win32:MBRoot code @ sector 61 !
12:09:46.984    Disk 0 PE file @ sector 160810650 !
12:09:47.025    Disk 0 scanning C:\Windows\system32\drivers
12:10:06.509    Service scanning
12:10:28.143    Modules scanning
12:10:50.689    Disk 0 trace - called modules:
12:10:50.712    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:10:51.039    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863512e0]
12:10:51.045    3 CLASSPNP.SYS[8bddc59e] -> nt!IofCallDriver -> [0x85e90918]
12:10:51.050    5 ACPI.sys[8b8bb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0x86293908]
12:10:51.392    AVAST engine scan C:\Windows
12:10:54.766    AVAST engine scan C:\Windows\system32
12:13:00.559    AVAST engine scan C:\Windows\system32\drivers
12:13:10.494    AVAST engine scan C:\Users\Dennis
12:14:56.579    AVAST engine scan C:\ProgramData
12:19:30.362    Scan finished successfully
12:22:16.471    Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Desktop\MBR.dat"
12:22:16.475    The log file has been saved successfully to "C:\Users\Dennis\Desktop\aswMBR.txt"



Alle Zeitangaben in WEZ +1. Es ist jetzt 22:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131