Trojaner-Board (https://www.trojaner-board.de/)
Thread: https://www.trojaner-board.de/117287-virus-decrypten-abgewuergt-manuell-gefixt-loeschen-decrypteten-dateien.html

gizzmo73 13.06.2012 21:00

virus/decrypting aborted, fixed manually, delete the decrypted files?

Hello

I got hit yesterday too. I tried to fix a lot of it myself before I came across this forum.

The trojan started shortly after I clicked the email attachment. About 30 seconds after the Ukash "start screen" I killed the system. Then I restarted straight away from the Win7 CD and ran a system restore (to 3 hours before the virus). Win7 was repaired. After the restart, an antivirus scan with Avira. 2 infected files found, which I deleted immediately. Another scan, no findings.

Then I looked at my files: a lot (especially documents and pictures) was encrypted, system files were not. I tried to manually edit the files back into the right format, without success. Loaded a restore from the NAS. Then I noticed that my hard drive was filling up (256GB Vertex3 SSD), which is logical, since the restore doesn't recognise the encrypted files and copies everything back a second time. I kept manually deleting the encrypted files so that the restore would run through.

Since I certainly haven't "caught" all the files, I wanted to ask Google for a tool to scan for the encrypted files and delete them. That's how I came across your forum. I read up on the subject, got a fright, and would now like on the one hand to make sure that my system is completely safe again and, on the other hand, to solve my disk space problem along the way ;-) (unfortunately none of the tools you provide helped).

Malwarebytes Anti-Malware no longer finds a virus. So unfortunately no more precise information about the virus from that program either.

For that reason I have also attached the log from Avira. Avira reports the detection "TR/Ransom.OZ".

Here is the file path:

C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre
[FUND] Ist das Trojanische Pferd TR/Ransom.OZ
C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.OZ

I hope you can help me despite my own intervention. Many thanks in advance for the support.


Regards
Gizzmo73

[All logs attached]

Edit: I can't upload the Avira logfile. Please let me know if it is needed some other way.
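The original poster asked for a tool to find the encrypted files left behind after the restore. The Python script below is an added example, not a tool from this thread or from the board's helpers: it walks a folder and reports files with the two shapes the Avira log later in the thread shows (random-letter names without an extension, and archives that kept their name but whose header no longer matches it), judging each file by its first 4 KiB. The name-length range, entropy threshold, magic-byte table and the constructed sample tree are my assumptions; the script only reports and deletes nothing.

```python
"""Report files that look like the output of a file-encrypting trojan.

Added example, not a tool from this thread. It walks a directory tree and
reports two shapes seen in the Avira log posted later in the thread:
  - names made of random letters with no extension (e.g. jjNAxnTyoEejTngDooNrL)
  - archives that kept their name but whose header no longer matches it
Nothing is deleted; the report is meant to guide restoring from backup.
"""
import hashlib
import math
import os
import re
import tempfile
from pathlib import Path

# Assumption: the renamed files in the thread are 14-21 mixed-case letters
# with no extension; the range is widened a little to catch similar names.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{12,24}$")

# Assumed magic bytes for the types that appear in the scan (zip, exe, ipa)
# plus common document and image formats.
MAGIC_BY_EXT = {
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".ipa": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".exe": (b"MZ",),
    ".pdf": (b"%PDF",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG",),
    ".doc": (b"\xd0\xcf\x11\xe0",),
}
HEAD_BYTES = 4096   # bytes of each file that are examined
HIGH_ENTROPY = 7.0  # bits per byte; ciphertext and compressed data sit near 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(path: Path) -> dict:
    """Classify one file as 'ok', 'header-mismatch' or 'random-name'."""
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
    ext = path.suffix.lower()
    entropy = shannon_entropy(head)
    verdict = "ok"
    if ext in MAGIC_BY_EXT:
        # Known extension: the header must carry one of the expected magics.
        if not any(head.startswith(m) for m in MAGIC_BY_EXT[ext]):
            verdict = "header-mismatch"
    elif not ext and RANDOM_NAME_RE.match(path.name) and entropy >= HIGH_ENTROPY:
        # No extension, random-looking name and ciphertext-like content.
        verdict = "random-name"
    return {"path": str(path), "entropy": round(entropy, 2), "verdict": verdict}


def triage(root) -> list:
    """Walk `root` and return the records of files that are not 'ok'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                rec = classify(Path(dirpath) / name)
            except OSError:
                continue  # unreadable file: skip it rather than abort the walk
            if rec["verdict"] != "ok":
                findings.append(rec)
    return sorted(findings, key=lambda r: r["path"])


def build_sample_tree() -> Path:
    """Constructed sample data (not from the victim machine) for a dry run."""
    root = Path(tempfile.mkdtemp(prefix="ransom-triage-"))
    docs = root / "Documents"
    docs.mkdir()
    # Deterministic high-entropy filler standing in for ciphertext.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(HEAD_BYTES // 32))
    # Intact zip: correct local file header magic.
    (docs / "intact.zip").write_bytes(b"PK\x03\x04" + b"\x00" * 60)
    # Encrypted zip that kept its name: header overwritten with ciphertext.
    (docs / "Zeugnisse.zip").write_bytes(noise)
    # Encrypted file that was also renamed to random letters, no extension.
    (docs / "jjNAxnTyoEejTngDooNrL").write_bytes(noise)
    # Plain text note: low entropy, must not be flagged.
    (docs / "notes.txt").write_text("Meeting on Tuesday, bring the forms.\n" * 20)
    return root


if __name__ == "__main__":
    for rec in triage(build_sample_tree()):
        print(f"{rec['verdict']:16} entropy={rec['entropy']:5.2f}  {rec['path']}")
```

Run it against a real folder with `triage(Path("C:/Users/<name>/Documents"))` and compare the list with the backup before deleting anything; a hit means "restore this file from the NAS", not "this file is malware".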

cosinus 15.06.2012 19:18

Malwarebytes creates exactly one log per scan run. Have you scanned with Malwarebytes before?
If so, the logs for every scan run are also listed in the Logs tab. Please post all of them that are visible there.

gizzmo73 15.06.2012 21:28

hi cosinus

thanks for the help.

here are the logs:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: THOMAS [Administrator]

Schutz: Aktiviert

13.06.2012 20:17:44
mbam-log-2012-06-13 (20-17-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 40530
Laufzeit: 35 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: THOMAS [Administrator]

Schutz: Aktiviert

13.06.2012 20:18:31
mbam-log-2012-06-13 (20-18-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 528695
Laufzeit: 43 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

2012/06/13 20:17:23 +0200        THOMAS        admin        MESSAGE        Starting protection
2012/06/13 20:17:24 +0200        THOMAS        admin        MESSAGE        Protection started successfully
2012/06/13 20:17:27 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/13 20:17:27 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully
2012/06/13 20:30:10 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily
2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Starting database refresh
2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Stopping IP protection
2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.13.05 to version v2012.06.13.06
2012/06/13 20:30:56 +0200        THOMAS        admin        MESSAGE        IP Protection stopped
2012/06/13 20:30:59 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully
2012/06/13 20:30:59 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/13 20:31:00 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

Code:

2012/06/14 23:48:42 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily
2012/06/14 23:48:44 +0200        THOMAS        admin        MESSAGE        Starting protection
2012/06/14 23:48:45 +0200        THOMAS        admin        MESSAGE        Protection started successfully
2012/06/14 23:48:48 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/14 23:48:49 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully
2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.13.06 to version v2012.06.14.10
2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Starting database refresh
2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Stopping IP protection
2012/06/14 23:49:22 +0200        THOMAS        admin        MESSAGE        IP Protection stopped
2012/06/14 23:49:23 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully
2012/06/14 23:49:23 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/14 23:49:24 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully


Code:

2012/06/15 00:04:27 +0200        THOMAS        admin        IP-BLOCK        208.94.234.233 (Type: outgoing, Port: 50846, Process: firefox.exe)
2012/06/15 00:04:27 +0200        THOMAS        admin        IP-BLOCK        208.94.234.233 (Type: outgoing, Port: 50848, Process: firefox.exe)
2012/06/15 22:10:51 +0200        THOMAS        admin        MESSAGE        Starting protection
2012/06/15 22:10:52 +0200        THOMAS        admin        MESSAGE        Protection started successfully
2012/06/15 22:10:55 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/15 22:10:56 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully
2012/06/15 22:17:47 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily
2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.14.10 to version v2012.06.15.08
2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Starting database refresh
2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Stopping IP protection
2012/06/15 22:18:34 +0200        THOMAS        admin        MESSAGE        IP Protection stopped
2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully
2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        Starting IP protection
2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully


regards
gizzmo73

cosinus 15.06.2012 23:15

Please also post the complete AntiVir log, or is there nothing else in it?

gizzmo73 15.06.2012 23:23

sorry, here is the Avira log as well:

Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 12. Juni 2012  21:35

Es wird nach 3830208 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : admin
Computername  : THOMAS

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 21:08:13
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 21:08:13
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 21:08:13
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 21:08:14
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 21:07:47
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 20:34:53
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 20:34:55
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 21:07:42
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 21:07:42
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 21:07:42
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 21:07:42
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 21:07:42
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 21:07:42
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 21:07:42
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 21:07:42
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 21:07:43
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 21:07:41
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 15:08:28
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 19:48:41
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 22:23:12
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 19:49:51
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 19:49:04
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 19:49:16
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 19:49:02
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 19:49:04
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 19:56:35
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 19:56:35
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 19:34:45
VBASE026.VDF  : 7.11.32.172    2048 Bytes  12.06.2012 19:34:45
VBASE027.VDF  : 7.11.32.173    2048 Bytes  12.06.2012 19:34:45
VBASE028.VDF  : 7.11.32.174    2048 Bytes  12.06.2012 19:34:45
VBASE029.VDF  : 7.11.32.175    2048 Bytes  12.06.2012 19:34:45
VBASE030.VDF  : 7.11.32.176    2048 Bytes  12.06.2012 19:34:46
VBASE031.VDF  : 7.11.32.180    2560 Bytes  12.06.2012 19:34:46
Engineversion  : 8.2.10.80
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 19:49:02
AESCRIPT.DLL  : 8.1.4.24      450939 Bytes  31.05.2012 19:51:04
AESCN.DLL      : 8.1.8.2      131444 Bytes  09.04.2012 20:34:59
AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 19:52:18
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL    : 8.2.16.16    807288 Bytes  29.05.2012 19:52:03
AEOFFICE.DLL  : 8.1.2.28      201082 Bytes  26.04.2012 21:05:18
AEHEUR.DLL    : 8.1.4.36    4874615 Bytes  31.05.2012 19:50:58
AEHELP.DLL    : 8.1.21.0      254326 Bytes  10.05.2012 21:07:44
AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 21:05:12
AEEXP.DLL      : 8.1.0.44      82293 Bytes  29.05.2012 19:52:18
AEEMU.DLL      : 8.1.3.0      393589 Bytes  31.01.2012 06:55:34
AECORE.DLL    : 8.1.25.10    201080 Bytes  31.05.2012 19:49:25
AEBB.DLL      : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 21:08:13
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 21:08:13
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 21:08:14
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 21:08:13
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 21:08:13
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 21:08:13
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 21:08:13
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 21:08:13
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 21:08:13
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 21:08:13

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 12. Juni 2012  21:35

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'osd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KoneHID.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Scan2Pc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ubd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1832' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SSD>
C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre
  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ
C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ
C:\Users\admin\Documents\jjNAxnTyoEejTngDooNrL
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Morpheus-b3d-v2.exe
  [WARNUNG]  Die Version dieses Archives wird nicht unterstützt
C:\Users\admin\Documents\OgtErNnngOsvNAaTyvU
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\summit.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\uGGaresXqDLTjJpOynLN
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Zeugnisse.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Curriculum Vitae\vvtEjsGaVDtUpLu
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\UNXetUeenDGaalyXNfgj
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\AJEOlnassXfDGdaAxLrN
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\dxTQtLLQuaLnnuL
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\dytLAsurqsxUdvv
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\GvNQTNgsQaNpLQ
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\JdqEjqDLgsNNUOTr
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\qlTjetLeysNsaot
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\quTesEdOnLVeGUOLtaAx
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\qyltajAQrNsvajGdUtJTg
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\seAJfOGQUesXglUTetg
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\seeQndNlffGQXjj
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\uXNDdaLLtglUJEaLdeafD
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\vLfruGqglXVNxVtUnO
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\VNadgDsoDQasjXxOlXpL
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\vTVenuxqsdGVNQJrq
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Documents\Metal Storm\Schriften\zips\XTLyJuflufvJDLgDdUxeT
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\admin\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\admin\Music\iTunes\iTunes Music\Mobile Applications\SanFrancis 1.4.ipa
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\admin\Music\iTunes\Mobile Applications\SanFrancis.ipa
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Windows\SoftwareDistribution\Download\085abba7f486e33fdc9e7380d3c36f75\BIT2F17.tmp
  [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.

Beginne mit der Desinfektion:
C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ec325d.qua' verschoben!
C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre
  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e761d09.qua' verschoben!


Ende des Suchlaufs: Dienstag, 12. Juni 2012  21:48
Benötigte Zeit: 12:41 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  35567 Verzeichnisse wurden überprüft
 709268 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 709266 Dateien ohne Befall
  6730 Archive wurden durchsucht
    27 Warnungen
      2 Hinweise

regards
thomas

cosinus 15.06.2012 23:35

Please also run ESET, then we'll see what's next.

Note: ESET quite often shows a few false positives. That is why, for ESET too, only the log should be posted first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Please open the browser this way without fail: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is NOT ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

gizzmo73 16.06.2012 08:34

good morning

here is the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-15 11:19:37
# local_time=2012-06-16 01:19:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5797444 5797444 0 0
# compatibility_mode=5893 16776574 100 94 30282720 91430871 0 0
# compatibility_mode=8192 67108863 100 0 107 107 0 0
# scanned=318714
# found=0
# cleaned=0
# scan_time=1355


regards
thomas

silly me, "scan archives" wasn't ticked, so once again...

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-15 11:19:37
# local_time=2012-06-16 01:19:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5797444 5797444 0 0
# compatibility_mode=5893 16776574 100 94 30282720 91430871 0 0
# compatibility_mode=8192 67108863 100 0 107 107 0 0
# scanned=318714
# found=0
# cleaned=0
# scan_time=1355
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-16 08:18:18
# local_time=2012-06-16 10:18:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5828695 5828695 0 0
# compatibility_mode=5893 16776574 100 94 30313971 91462122 0 0
# compatibility_mode=8192 67108863 100 0 31358 31358 0 0
# scanned=319226
# found=0
# cleaned=0
# scan_time=2426

regards
thomas

cosinus 17.06.2012 20:17

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And then the whole thing looks like this:

Code:

the log goes here
Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


gizzmo73 17.06.2012 22:05

thanks for your support even in this weather and during the Euro match!

here is the log

OTL Logfile:
Code:

OTL logfile created on: 17.06.2012 22:59:01 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 12.34 Gb Available Physical Memory | 77.18% Memory free
31.96 Gb Paging File | 28.78 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.47 Gb Total Space | 16.19 Gb Free Space | 7.25% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1229.28 Gb Free Space | 65.98% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive H: | 111.69 Gb Total Space | 11.22 Gb Free Space | 10.05% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.17 13:34:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.13 22:33:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2012.05.08 23:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 23:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 23:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Programme\Open Office\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Programme\Open Office\program\soffice.bin
PRC - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
PRC - [2009.09.15 17:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
PRC - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2008.10.06 11:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 13:34:44 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.29 00:12:48 | 000,985,088 | ---- | M] () -- D:\Programme\Open Office\program\libxml2.dll
MOD - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008.06.26 20:46:08 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 20:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008.06.26 20:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 13:34:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 23:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 23:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.05 20:18:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.29 18:53:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 08:02:24 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011.06.29 08:02:24 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011.06.29 08:02:16 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 23:08:14 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 23:08:14 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.09.21 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.15 14:14:40 | 000,021,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICTDrv.sys -- (ICTDrv)
DRV:64bit: - [2010.08.18 00:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010.07.27 03:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.07.27 03:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.09 10:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.11 14:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV:64bit: - [2007.08.13 20:51:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010.09.15 14:30:50 | 000,034,304 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 6D 16 DD AD C7 CC 01  [binary data]
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.new.facebook.com/home.php"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Acrobat Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.10.26 19:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
 
[2011.06.28 21:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2011.06.28 21:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 23:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\3ke90op0.default\extensions
[2012.04.26 20:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.13 21:58:12 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.05 23:33:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.31 16:00:52 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.06.17 13:34:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 13:34:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 13:34:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 13:34:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 13:34:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 13:34:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 13:34:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [Steam] D:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Programme\Open Office\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C4A0FD2-35A0-4308-BB75-01F583E5ED1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFADB887-69C1-4DEB-859B-FF80735826F4}: DhcpNameServer = 138.188.101.189 138.188.101.186
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 00:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.16 00:55:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 22:33:45 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012.06.13 21:02:33 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Logs
[2012.06.13 20:17:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.06.13 20:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 20:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 20:17:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\FUSSBALL MANAGER 12
[2012.06.12 20:56:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Hzzhz
[2012.06.11 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Macromedia
[2012.06.10 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.02 10:57:58 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Hochzeit 2012
[2012.05.24 22:30:17 | 000,000,000 | ---D | C] -- C:\Fotostream
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.17 22:59:25 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 22:59:25 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 22:59:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 22:59:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 22:59:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 22:59:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 22:59:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.17 22:52:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.17 22:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.17 22:52:13 | 4280,438,782 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.17 22:28:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 22:18:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 00:54:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
[2012.06.15 22:08:46 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 22:33:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012.06.13 21:03:27 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.06.13 20:17:03 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 22:09:20 | 000,140,166 | ---- | M] () -- C:\Users\admin\Documents\Mail versand wöchentlich.eml
[2012.06.04 20:39:02 | 000,002,169 | -H-- | M] () -- C:\Users\admin\.recently-used.xbel
[2012.06.04 20:39:02 | 000,002,169 | ---- | M] () -- C:\Users\admin\tsvtfOLGNUvlyaujNlJO
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.13 21:03:27 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.06.13 20:17:03 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.26 19:57:36 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.05 17:33:07 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011.07.02 15:15:14 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.07.02 15:09:14 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.28 03:48:54 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== LOP Check ==========
 
[2011.12.27 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon
[2012.06.04 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2012.01.22 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HDRsoft
[2012.06.12 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hzzhz
[2011.12.18 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\My Games
[2011.06.29 00:13:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2011.07.05 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ROCCAT
[2012.05.12 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spotify
[2011.06.28 21:58:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2012.03.14 18:25:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.02 14:39:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2012.03.07 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012.04.09 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avira
[2011.12.27 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon
[2012.06.04 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2012.01.22 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HDRsoft
[2012.06.12 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hzzhz
[2011.06.27 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities
[2011.06.27 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2012.06.13 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2011.07.24 14:59:27 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2011.06.28 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
[2011.12.18 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\My Games
[2011.06.29 00:13:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2011.07.05 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ROCCAT
[2011.06.28 22:42:38 | 000,000,000 | RH-D | M] -- C:\Users\admin\AppData\Roaming\SecuROM
[2012.05.12 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spotify
[2011.06.28 21:58:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2011.12.17 19:18:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\vlc
[2011.12.27 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2011.06.29 20:29:25 | 000,010,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011.11.14 14:51:54 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Users\admin\AppData\Roaming\Spotify\spotify.exe
[2011.11.16 21:23:07 | 000,090,044 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Spotify\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 594 bytes -> C:\Users\admin\Documents\Mail versand wöchentlich.eml:OECustomProperty

< End of report >

--- --- ---


[/code]


regards
thomas

cosinus 18.06.2012 10:16

Do an OTL fix: close all programs that may be open, also disable the antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
:Files
C:\Users\admin\AppData\Roaming\Hzzhz
C:\Users\admin\tsvtfOLGNUvlyaujNlJO
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
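Added example, not from the thread or from the OTL tool: a read-only PowerShell check (PowerShell 3.0 or later) of the UAC policy values that the fix script above removes (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, PromptOnSecureDesktop), compared against the Windows 7 defaults so that a weakened configuration like the one in the OTL log stands out. The key path and default values are standard Windows ones; nothing is changed on the system.

```powershell
# Added example: audit UAC policy values against Windows 7 defaults.
# Read-only; run in PowerShell 3.0 or later. Not part of the forum thread or of OTL.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults for a healthy UAC configuration.
# The OTL log above showed EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and
# PromptOnSecureDesktop = 0, i.e. UAC switched off and elevation without a prompt.
$expected = [ordered]@{
    EnableLUA                  = 1   # 0 = UAC disabled entirely
    ConsentPromptBehaviorAdmin = 5   # 0 = elevate silently without any prompt
    ConsentPromptBehaviorUser  = 3   # 3 = standard users are prompted for credentials
    PromptOnSecureDesktop      = 1   # 0 = elevation prompt not shown on the secure desktop
}

$actual = Get-ItemProperty -Path $policyKey -ErrorAction Stop

$findings = foreach ($name in $expected.Keys) {
    $value = $actual.$name
    # A missing value means the built-in default applies, which is the secure state here.
    $ok = ($null -eq $value) -or ($value -eq $expected[$name])
    [pscustomobject]@{
        Setting  = $name
        Current  = if ($null -eq $value) { '(not set, default applies)' } else { $value }
        Expected = $expected[$name]
        Status   = if ($ok) { 'OK' } else { 'WEAKENED' }
    }
}

$findings | Format-Table -AutoSize

if ($findings | Where-Object { $_.Status -eq 'WEAKENED' }) {
    Write-Warning 'UAC policy has been weakened; compare with the OTL log and restore the defaults.'
}
```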

gizzmo73 22.06.2012 18:29

Hello, and sorry for my late reply. I was abroad on business the last few days. Many thanks for your script, here is the log:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
========== FILES ==========
C:\Users\admin\AppData\Roaming\Hzzhz folder moved successfully.
C:\Users\admin\tsvtfOLGNUvlyaujNlJO moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 74836599 bytes
->Temporary Internet Files folder emptied: 294070804 bytes
->Java cache emptied: 151983 bytes
->FireFox cache emptied: 677428181 bytes
->Flash cache emptied: 60711 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33198 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33198 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84276461512 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81'372.00 mb
 
 
[EMPTYFLASH]
 
User: admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06222012_192341

Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\etilqs_34Fm5d6xbhyMX25qh4pU moved successfully.
C:\Windows\temp\etilqs_3aJi2Ekvr92WIEMZqopZ moved successfully.
C:\Windows\temp\etilqs_ckgLZ66L34cbfqQpR01H moved successfully.
C:\Windows\temp\etilqs_gSVENRdamdKHYptJURuM moved successfully.
File\Folder C:\Windows\temp\etilqs_JPxc3HDnvoKmwFedaRuV not found!
C:\Windows\temp\etilqs_lJcGoBjvdrpLUCgb6jRh moved successfully.
C:\Windows\temp\etilqs_ljJKTAHT11kfizAtYbvD moved successfully.
C:\Windows\temp\etilqs_mXXcE6hl6xaVkva9Bz08 moved successfully.
C:\Windows\temp\etilqs_NzYZxnusSX6lQYpiI8BQ moved successfully.
C:\Windows\temp\etilqs_OewzjTChjZ59XbbhToAu moved successfully.
C:\Windows\temp\etilqs_qZ1cDNxYFLq7tTS0Mq7W moved successfully.
C:\Windows\temp\etilqs_vqh6BXHhT06wX4pWCnJi moved successfully.
C:\Windows\temp\etilqs_W6F5wo5D6tCduAu7nege moved successfully.

Registry entries deleted on Reboot...


Wow, a lot of space back on the hard disk! By the way, maybe still useful for you: some of my photos were no longer accessible and only the default icon was shown. This was not fixed. Not a problem, I have a clean backup of them, which I have now restored.

regards
thomas

cosinus 24.06.2012 15:44

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the antivirus scanner before you run TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the picture below: click on Change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

gizzmo73 24.06.2012 18:39

Hello

Here is the TDSS log:

Code:

19:37:03.0670 4000        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:37:03.0748 4000        ============================================================
19:37:03.0748 4000        Current date / time: 2012/06/24 19:37:03.0748
19:37:03.0748 4000        SystemInfo:
19:37:03.0748 4000       
19:37:03.0748 4000        OS Version: 6.1.7601 ServicePack: 1.0
19:37:03.0748 4000        Product type: Workstation
19:37:03.0748 4000        ComputerName: THOMAS
19:37:03.0748 4000        UserName: admin
19:37:03.0748 4000        Windows directory: C:\Windows
19:37:03.0748 4000        System windows directory: C:\Windows
19:37:03.0748 4000        Running under WOW64
19:37:03.0748 4000        Processor architecture: Intel x64
19:37:03.0748 4000        Number of processors: 8
19:37:03.0748 4000        Page size: 0x1000
19:37:03.0748 4000        Boot type: Normal boot
19:37:03.0748 4000        ============================================================
19:37:03.0873 4000        Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:03.0873 4000        Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:03.0873 4000        Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:37:03.0873 4000        ============================================================
19:37:03.0873 4000        \Device\Harddisk1\DR1:
19:37:03.0873 4000        MBR partitions:
19:37:03.0873 4000        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:37:03.0873 4000        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1800
19:37:03.0873 4000        \Device\Harddisk0\DR0:
19:37:03.0873 4000        MBR partitions:
19:37:03.0873 4000        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:37:03.0873 4000        \Device\Harddisk2\DR2:
19:37:03.0873 4000        MBR partitions:
19:37:03.0873 4000        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:37:03.0873 4000        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
19:37:03.0873 4000        ============================================================
19:37:03.0873 4000        C: <-> \Device\Harddisk1\DR1\Partition1
19:37:03.0888 4000        D: <-> \Device\Harddisk0\DR0\Partition0
19:37:03.0904 4000        G: <-> \Device\Harddisk2\DR2\Partition0
19:37:03.0904 4000        H: <-> \Device\Harddisk2\DR2\Partition1
19:37:03.0904 4000        ============================================================
19:37:03.0904 4000        Initialize success
19:37:03.0904 4000        ============================================================
19:37:35.0481 6096        ============================================================
19:37:35.0481 6096        Scan started
19:37:35.0481 6096        Mode: Manual; SigCheck; TDLFS;
19:37:35.0481 6096        ============================================================
19:37:35.0949 6096        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
19:37:35.0965 6096        1394ohci - ok
19:37:35.0981 6096        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:37:35.0981 6096        ACPI - ok
19:37:35.0981 6096        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:37:35.0996 6096        AcpiPmi - ok
19:37:35.0996 6096        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:37:36.0012 6096        AdobeARMservice - ok
19:37:36.0027 6096        AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:37:36.0027 6096        AdobeFlashPlayerUpdateSvc - ok
19:37:36.0043 6096        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:37:36.0043 6096        adp94xx - ok
19:37:36.0059 6096        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:37:36.0059 6096        adpahci - ok
19:37:36.0074 6096        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:37:36.0074 6096        adpu320 - ok
19:37:36.0074 6096        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:37:36.0121 6096        AeLookupSvc - ok
19:37:36.0137 6096        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:37:36.0152 6096        AFD - ok
19:37:36.0152 6096        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:37:36.0152 6096        agp440 - ok
19:37:36.0152 6096        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:37:36.0168 6096        ALG - ok
19:37:36.0168 6096        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:37:36.0168 6096        aliide - ok
19:37:36.0168 6096        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:37:36.0183 6096        amdide - ok
19:37:36.0183 6096        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:37:36.0183 6096        AmdK8 - ok
19:37:36.0183 6096        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:37:36.0199 6096        AmdPPM - ok
19:37:36.0199 6096        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:37:36.0199 6096        amdsata - ok
19:37:36.0215 6096        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:37:36.0215 6096        amdsbs - ok
19:37:36.0215 6096        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:37:36.0215 6096        amdxata - ok
19:37:36.0230 6096        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:37:36.0230 6096        AntiVirSchedulerService - ok
19:37:36.0230 6096        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:37:36.0246 6096        AntiVirService - ok
19:37:36.0246 6096        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:37:36.0277 6096        AppID - ok
19:37:36.0277 6096        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:37:36.0293 6096        AppIDSvc - ok
19:37:36.0293 6096        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:37:36.0308 6096        Appinfo - ok
19:37:36.0324 6096        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:37:36.0324 6096        Apple Mobile Device - ok
19:37:36.0324 6096        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:37:36.0339 6096        AppMgmt - ok
19:37:36.0339 6096        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:37:36.0339 6096        arc - ok
19:37:36.0355 6096        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:37:36.0355 6096        arcsas - ok
19:37:36.0355 6096        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:36.0371 6096        AsyncMac - ok
19:37:36.0371 6096        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:37:36.0371 6096        atapi - ok
19:37:36.0386 6096        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:37:36.0417 6096        AudioEndpointBuilder - ok
19:37:36.0417 6096        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:37:36.0433 6096        AudioSrv - ok
19:37:36.0433 6096        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:37:36.0449 6096        avgntflt - ok
19:37:36.0449 6096        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:37:36.0464 6096        avipbb - ok
19:37:36.0464 6096        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:37:36.0464 6096        avkmgr - ok
19:37:36.0464 6096        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:37:36.0480 6096        AxInstSV - ok
19:37:36.0480 6096        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:37:36.0495 6096        b06bdrv - ok
19:37:36.0495 6096        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:37:36.0511 6096        b57nd60a - ok
19:37:36.0511 6096        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:37:36.0527 6096        BDESVC - ok
19:37:36.0527 6096        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:37:36.0542 6096        Beep - ok
19:37:36.0558 6096        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:37:36.0573 6096        BFE - ok
19:37:36.0589 6096        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:37:36.0620 6096        BITS - ok
19:37:36.0620 6096        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:37:36.0620 6096        blbdrive - ok
19:37:36.0636 6096        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:37:36.0636 6096        Bonjour Service - ok
19:37:36.0651 6096        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:37:36.0651 6096        bowser - ok
19:37:36.0651 6096        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:37:36.0667 6096        BrFiltLo - ok
19:37:36.0667 6096        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:37:36.0667 6096        BrFiltUp - ok
19:37:36.0667 6096        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:37:36.0698 6096        Browser - ok
19:37:36.0698 6096        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:37:36.0714 6096        Brserid - ok
19:37:36.0714 6096        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:37:36.0714 6096        BrSerWdm - ok
19:37:36.0714 6096        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:37:36.0729 6096        BrUsbMdm - ok
19:37:36.0729 6096        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:37:36.0729 6096        BrUsbSer - ok
19:37:36.0729 6096        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:37:36.0745 6096        BTHMODEM - ok
19:37:36.0745 6096        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:37:36.0761 6096        bthserv - ok
19:37:36.0761 6096        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:36.0776 6096        cdfs - ok
19:37:36.0792 6096        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:36.0792 6096        cdrom - ok
19:37:36.0792 6096        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:37:36.0807 6096        CertPropSvc - ok
19:37:36.0807 6096        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:37:36.0823 6096        circlass - ok
19:37:36.0839 6096        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:37:36.0839 6096        CLFS - ok
19:37:36.0839 6096        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:36.0854 6096        clr_optimization_v2.0.50727_32 - ok
19:37:36.0854 6096        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:37:36.0854 6096        clr_optimization_v2.0.50727_64 - ok
19:37:36.0870 6096        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:36.0870 6096        clr_optimization_v4.0.30319_32 - ok
19:37:36.0870 6096        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:37:36.0885 6096        clr_optimization_v4.0.30319_64 - ok
19:37:36.0885 6096        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:37:36.0885 6096        CmBatt - ok
19:37:36.0885 6096        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:37:36.0885 6096        cmdide - ok
19:37:36.0901 6096        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:37:36.0917 6096        CNG - ok
19:37:36.0917 6096        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:37:36.0917 6096        Compbatt - ok
19:37:36.0917 6096        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:37:36.0932 6096        CompositeBus - ok
19:37:36.0932 6096        COMSysApp - ok
19:37:36.0932 6096        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:37:36.0932 6096        crcdisk - ok
19:37:36.0948 6096        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:37:36.0948 6096        CryptSvc - ok
19:37:36.0963 6096        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:37:36.0963 6096        CSC - ok
19:37:36.0979 6096        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:37:36.0995 6096        CscService - ok
19:37:37.0010 6096        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:37:37.0026 6096        DcomLaunch - ok
19:37:37.0041 6096        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:37:37.0057 6096        defragsvc - ok
19:37:37.0057 6096        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:37:37.0073 6096        DfsC - ok
19:37:37.0073 6096        DgiVecp - ok
19:37:37.0088 6096        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:37:37.0104 6096        Dhcp - ok
19:37:37.0104 6096        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:37:37.0119 6096        discache - ok
19:37:37.0135 6096        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:37:37.0135 6096        Disk - ok
19:37:37.0135 6096        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
19:37:37.0151 6096        dmvsc - ok
19:37:37.0151 6096        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:37:37.0151 6096        Dnscache - ok
19:37:37.0166 6096        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:37:37.0182 6096        dot3svc - ok
19:37:37.0182 6096        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:37:37.0197 6096        DPS - ok
19:37:37.0197 6096        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:37:37.0213 6096        drmkaud - ok
19:37:37.0229 6096        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:37.0244 6096        DXGKrnl - ok
19:37:37.0260 6096        e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
19:37:37.0260 6096        e1cexpress - ok
19:37:37.0260 6096        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:37:37.0275 6096        EapHost - ok
19:37:37.0338 6096        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:37:37.0369 6096        ebdrv - ok
19:37:37.0385 6096        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:37:37.0400 6096        EFS - ok
19:37:37.0416 6096        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:37:37.0416 6096        ehRecvr - ok
19:37:37.0431 6096        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:37:37.0431 6096        ehSched - ok
19:37:37.0447 6096        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:37:37.0463 6096        elxstor - ok
19:37:37.0463 6096        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:37:37.0463 6096        ErrDev - ok
19:37:37.0478 6096        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:37:37.0494 6096        EventSystem - ok
19:37:37.0494 6096        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:37:37.0509 6096        exfat - ok
19:37:37.0525 6096        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:37:37.0541 6096        fastfat - ok
19:37:37.0556 6096        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:37:37.0572 6096        Fax - ok
19:37:37.0572 6096        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:37:37.0572 6096        fdc - ok
19:37:37.0572 6096        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:37:37.0587 6096        fdPHost - ok
19:37:37.0587 6096        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:37:37.0603 6096        FDResPub - ok
19:37:37.0619 6096        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:37:37.0619 6096        FileInfo - ok
19:37:37.0619 6096        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:37:37.0634 6096        Filetrace - ok
19:37:37.0634 6096        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:37:37.0650 6096        flpydisk - ok
19:37:37.0650 6096        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:37:37.0665 6096        FltMgr - ok
19:37:37.0681 6096        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:37:37.0697 6096        FontCache - ok
19:37:37.0697 6096        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:37:37.0697 6096        FontCache3.0.0.0 - ok
19:37:37.0712 6096        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:37:37.0712 6096        FsDepends - ok
19:37:37.0712 6096        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:37.0712 6096        Fs_Rec - ok
19:37:37.0728 6096        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:37:37.0728 6096        fvevol - ok
19:37:37.0728 6096        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:37:37.0743 6096        gagp30kx - ok
19:37:37.0743 6096        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:37.0743 6096        GEARAspiWDM - ok
19:37:37.0759 6096        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:37:37.0790 6096        gpsvc - ok
19:37:37.0790 6096        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:37:37.0790 6096        gupdate - ok
19:37:37.0790 6096        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:37:37.0806 6096        gupdatem - ok
19:37:37.0806 6096        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:37:37.0806 6096        hcw85cir - ok
19:37:37.0821 6096        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:37:37.0821 6096        HdAudAddService - ok
19:37:37.0837 6096        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:37.0837 6096        HDAudBus - ok
19:37:37.0837 6096        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:37:37.0853 6096        HidBatt - ok
19:37:37.0853 6096        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:37:37.0853 6096        HidBth - ok
19:37:37.0853 6096        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:37:37.0868 6096        HidIr - ok
19:37:37.0868 6096        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:37:37.0884 6096        hidserv - ok
19:37:37.0884 6096        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:37.0899 6096        HidUsb - ok
19:37:37.0899 6096        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:37:37.0915 6096        hkmsvc - ok
19:37:37.0915 6096        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:37:37.0931 6096        HomeGroupListener - ok
19:37:37.0931 6096        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:37:37.0946 6096        HomeGroupProvider - ok
19:37:37.0946 6096        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:37:37.0946 6096        HpSAMD - ok
19:37:37.0962 6096        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:37:37.0993 6096        HTTP - ok
19:37:37.0993 6096        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:37:37.0993 6096        hwpolicy - ok
19:37:37.0993 6096        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:37:38.0009 6096        i8042prt - ok
19:37:38.0009 6096        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:37:38.0024 6096        iaStorV - ok
19:37:38.0024 6096        ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
19:37:38.0024 6096        ICCWDT - ok
19:37:38.0024 6096        ICTDrv          (0f363350230217fbf282657ba229fbe8) C:\Windows\system32\DRIVERS\ICTDrv.sys
19:37:38.0024 6096        ICTDrv - ok
19:37:38.0055 6096        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:37:38.0055 6096        idsvc - ok
19:37:38.0055 6096        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:37:38.0071 6096        iirsp - ok
19:37:38.0087 6096        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:37:38.0102 6096        IKEEXT - ok
19:37:38.0165 6096        IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys
19:37:38.0196 6096        IntcAzAudAddService - ok
19:37:38.0211 6096        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:37:38.0211 6096        intelide - ok
19:37:38.0227 6096        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:38.0227 6096        intelppm - ok
19:37:38.0227 6096        Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
19:37:38.0243 6096        Intel® PROSet Monitoring Service - ok
19:37:38.0243 6096        IOCBIOS        (9160d7b5cfa88697179c039bc852a945) C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys
19:37:38.0243 6096        IOCBIOS - ok
19:37:38.0243 6096        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:37:38.0258 6096        IPBusEnum - ok
19:37:38.0258 6096        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:38.0274 6096        IpFilterDriver - ok
19:37:38.0289 6096        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:37:38.0321 6096        iphlpsvc - ok
19:37:38.0321 6096        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:37:38.0321 6096        IPMIDRV - ok
19:37:38.0321 6096        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:37:38.0352 6096        IPNAT - ok
19:37:38.0367 6096        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:37:38.0383 6096        iPod Service - ok
19:37:38.0383 6096        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:37:38.0383 6096        IRENUM - ok
19:37:38.0383 6096        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:37:38.0399 6096        isapnp - ok
19:37:38.0399 6096        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:37:38.0399 6096        iScsiPrt - ok
19:37:38.0414 6096        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:38.0414 6096        kbdclass - ok
19:37:38.0414 6096        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:38.0414 6096        kbdhid - ok
19:37:38.0430 6096        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:38.0430 6096        KeyIso - ok
19:37:38.0430 6096        KoneFltr        (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys
19:37:38.0430 6096        KoneFltr - ok
19:37:38.0430 6096        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:37:38.0445 6096        KSecDD - ok
19:37:38.0445 6096        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:37:38.0445 6096        KSecPkg - ok
19:37:38.0461 6096        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:37:38.0477 6096        ksthunk - ok
19:37:38.0477 6096        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:37:38.0492 6096        KtmRm - ok
19:37:38.0508 6096        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:37:38.0523 6096        LanmanServer - ok
19:37:38.0523 6096        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:37:38.0539 6096        LanmanWorkstation - ok
19:37:38.0555 6096        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:38.0570 6096        lltdio - ok
19:37:38.0570 6096        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:37:38.0586 6096        lltdsvc - ok
19:37:38.0586 6096        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:37:38.0601 6096        lmhosts - ok
19:37:38.0617 6096        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:37:38.0617 6096        LSI_FC - ok
19:37:38.0617 6096        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:37:38.0633 6096        LSI_SAS - ok
19:37:38.0633 6096        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:37:38.0633 6096        LSI_SAS2 - ok
19:37:38.0633 6096        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:37:38.0648 6096        LSI_SCSI - ok
19:37:38.0648 6096        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:37:38.0664 6096        luafv - ok
19:37:38.0664 6096        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:37:38.0664 6096        MBAMProtector - ok
19:37:38.0679 6096        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:37:38.0695 6096        MBAMService - ok
19:37:38.0695 6096        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:37:38.0695 6096        Mcx2Svc - ok
19:37:38.0711 6096        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:37:38.0711 6096        megasas - ok
19:37:38.0711 6096        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:37:38.0726 6096        MegaSR - ok
19:37:38.0726 6096        MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
19:37:38.0726 6096        MEIx64 - ok
19:37:38.0726 6096        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:37:38.0742 6096        MMCSS - ok
19:37:38.0757 6096        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:37:38.0773 6096        Modem - ok
19:37:38.0773 6096        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:37:38.0773 6096        monitor - ok
19:37:38.0773 6096        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:38.0789 6096        mouclass - ok
19:37:38.0789 6096        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:38.0789 6096        mouhid - ok
19:37:38.0789 6096        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:37:38.0804 6096        mountmgr - ok
19:37:38.0804 6096        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:37:38.0804 6096        MozillaMaintenance - ok
19:37:38.0804 6096        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:37:38.0820 6096        mpio - ok
19:37:38.0820 6096        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:37:38.0835 6096        mpsdrv - ok
19:37:38.0851 6096        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:37:38.0882 6096        MpsSvc - ok
19:37:38.0882 6096        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:37:38.0882 6096        MRxDAV - ok
19:37:38.0898 6096        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:38.0898 6096        mrxsmb - ok
19:37:38.0913 6096        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:38.0913 6096        mrxsmb10 - ok
19:37:38.0913 6096        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:38.0929 6096        mrxsmb20 - ok
19:37:38.0929 6096        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:37:38.0929 6096        msahci - ok
19:37:38.0929 6096        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:37:38.0945 6096        msdsm - ok
19:37:38.0945 6096        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:37:38.0945 6096        MSDTC - ok
19:37:38.0960 6096        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:37:38.0976 6096        Msfs - ok
19:37:38.0976 6096        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:37:38.0991 6096        mshidkmdf - ok
19:37:38.0991 6096        MSICDSetup - ok
19:37:38.0991 6096        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:37:38.0991 6096        msisadrv - ok
19:37:38.0991 6096        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:37:39.0023 6096        MSiSCSI - ok
19:37:39.0023 6096        msiserver - ok
19:37:39.0023 6096        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:39.0038 6096        MSKSSRV - ok
19:37:39.0038 6096        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:39.0054 6096        MSPCLOCK - ok
19:37:39.0054 6096        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:37:39.0069 6096        MSPQM - ok
19:37:39.0085 6096        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:37:39.0085 6096        MsRPC - ok
19:37:39.0085 6096        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:39.0101 6096        mssmbios - ok
19:37:39.0101 6096        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:37:39.0116 6096        MSTEE - ok
19:37:39.0116 6096        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:37:39.0116 6096        MTConfig - ok
19:37:39.0116 6096        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:37:39.0132 6096        Mup - ok
19:37:39.0132 6096        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:37:39.0163 6096        napagent - ok
19:37:39.0163 6096        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:39.0179 6096        NativeWifiP - ok
19:37:39.0194 6096        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:37:39.0210 6096        NDIS - ok
19:37:39.0210 6096        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:37:39.0225 6096        NdisCap - ok
19:37:39.0225 6096        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:39.0241 6096        NdisTapi - ok
19:37:39.0257 6096        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:39.0272 6096        Ndisuio - ok
19:37:39.0272 6096        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:39.0288 6096        NdisWan - ok
19:37:39.0288 6096        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:37:39.0303 6096        NDProxy - ok
19:37:39.0303 6096        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
19:37:39.0319 6096        Netaapl - ok
19:37:39.0319 6096        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:37:39.0335 6096        NetBIOS - ok
19:37:39.0335 6096        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:37:39.0350 6096        NetBT - ok
19:37:39.0350 6096        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:39.0366 6096        Netlogon - ok
19:37:39.0366 6096        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:37:39.0397 6096        Netman - ok
19:37:39.0397 6096        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:37:39.0428 6096        netprofm - ok
19:37:39.0428 6096        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:39.0428 6096        NetTcpPortSharing - ok
19:37:39.0428 6096        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:37:39.0444 6096        nfrd960 - ok
19:37:39.0444 6096        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:37:39.0475 6096        NlaSvc - ok
19:37:39.0475 6096        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:37:39.0491 6096        Npfs - ok
19:37:39.0491 6096        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:37:39.0506 6096        nsi - ok
19:37:39.0506 6096        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:37:39.0522 6096        nsiproxy - ok
19:37:39.0553 6096        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:37:39.0569 6096        Ntfs - ok
19:37:39.0600 6096        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:37:39.0615 6096        Null - ok
19:37:39.0615 6096        nusb3hub        (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:37:39.0615 6096        nusb3hub - ok
19:37:39.0631 6096        nusb3xhc        (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:37:39.0631 6096        nusb3xhc - ok
19:37:39.0631 6096        NVHDA          (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
19:37:39.0647 6096        NVHDA - ok
19:37:39.0912 6096        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:37:40.0068 6096        nvlddmkm - ok
19:37:40.0099 6096        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:37:40.0099 6096        nvraid - ok
19:37:40.0099 6096        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:37:40.0115 6096        nvstor - ok
19:37:40.0130 6096        nvsvc          (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
19:37:40.0146 6096        nvsvc - ok
19:37:40.0193 6096        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:37:40.0208 6096        nvUpdatusService - ok
19:37:40.0239 6096        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:37:40.0239 6096        nv_agp - ok
19:37:40.0255 6096        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:37:40.0271 6096        ohci1394 - ok
19:37:40.0286 6096        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:37:40.0286 6096        p2pimsvc - ok
19:37:40.0302 6096        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:37:40.0302 6096        p2psvc - ok
19:37:40.0317 6096        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:37:40.0317 6096        Parport - ok
19:37:40.0317 6096        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:37:40.0333 6096        partmgr - ok
19:37:40.0333 6096        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:37:40.0349 6096        PcaSvc - ok
19:37:40.0349 6096        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:37:40.0349 6096        pci - ok
19:37:40.0349 6096        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:37:40.0364 6096        pciide - ok
19:37:40.0364 6096        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:37:40.0364 6096        pcmcia - ok
19:37:40.0380 6096        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:37:40.0380 6096        pcw - ok
19:37:40.0395 6096        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:37:40.0411 6096        PEAUTH - ok
19:37:40.0442 6096        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:37:40.0458 6096        PeerDistSvc - ok
19:37:40.0473 6096        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:37:40.0473 6096        PerfHost - ok
19:37:40.0520 6096        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:37:40.0551 6096        pla - ok
19:37:40.0567 6096        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:37:40.0567 6096        PlugPlay - ok
19:37:40.0567 6096        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:37:40.0583 6096        PNRPAutoReg - ok
19:37:40.0583 6096        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:37:40.0598 6096        PNRPsvc - ok
19:37:40.0598 6096        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:37:40.0629 6096        PolicyAgent - ok
19:37:40.0629 6096        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:37:40.0645 6096        Power - ok
19:37:40.0661 6096        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:40.0676 6096        PptpMiniport - ok
19:37:40.0676 6096        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:37:40.0676 6096        Processor - ok
19:37:40.0692 6096        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:37:40.0692 6096        ProfSvc - ok
19:37:40.0692 6096        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:40.0707 6096        ProtectedStorage - ok
19:37:40.0707 6096        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:37:40.0723 6096        Psched - ok
19:37:40.0754 6096        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:37:40.0785 6096        ql2300 - ok
19:37:40.0801 6096        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:37:40.0801 6096        ql40xx - ok
19:37:40.0817 6096        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:37:40.0817 6096        QWAVE - ok
19:37:40.0832 6096        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:37:40.0832 6096        QWAVEdrv - ok
19:37:40.0832 6096        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:40.0863 6096        RasAcd - ok
19:37:40.0863 6096        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:37:40.0879 6096        RasAgileVpn - ok
19:37:40.0879 6096        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:37:40.0895 6096        RasAuto - ok
19:37:40.0895 6096        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:40.0910 6096        Rasl2tp - ok
19:37:40.0926 6096        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:37:40.0957 6096        RasMan - ok
19:37:40.0957 6096        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:40.0973 6096        RasPppoe - ok
19:37:40.0973 6096        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:40.0988 6096        RasSstp - ok
19:37:41.0004 6096        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:41.0019 6096        rdbss - ok
19:37:41.0019 6096        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:37:41.0019 6096        rdpbus - ok
19:37:41.0035 6096        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:41.0051 6096        RDPCDD - ok
19:37:41.0051 6096        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:37:41.0051 6096        RDPDR - ok
19:37:41.0051 6096        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:37:41.0066 6096        RDPENCDD - ok
19:37:41.0082 6096        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:37:41.0097 6096        RDPREFMP - ok
19:37:41.0097 6096        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:37:41.0097 6096        RDPWD - ok
19:37:41.0113 6096        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:37:41.0113 6096        rdyboost - ok
19:37:41.0113 6096        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:37:41.0129 6096        RemoteAccess - ok
19:37:41.0207 6096        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:37:41.0222 6096        RemoteRegistry - ok
19:37:41.0222 6096        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:37:41.0238 6096        RpcEptMapper - ok
19:37:41.0238 6096        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:37:41.0253 6096        RpcLocator - ok
19:37:41.0269 6096        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:37:41.0285 6096        RpcSs - ok
19:37:41.0285 6096        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:41.0300 6096        rspndr - ok
19:37:41.0300 6096        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:37:41.0300 6096        s3cap - ok
19:37:41.0316 6096        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:41.0316 6096        SamSs - ok
19:37:41.0316 6096        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:37:41.0331 6096        sbp2port - ok
19:37:41.0331 6096        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:37:41.0347 6096        SCardSvr - ok
19:37:41.0347 6096        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:37:41.0363 6096        scfilter - ok
19:37:41.0394 6096        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:37:41.0409 6096        Schedule - ok
19:37:41.0409 6096        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:37:41.0425 6096        SCPolicySvc - ok
19:37:41.0441 6096        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:37:41.0441 6096        SDRSVC - ok
19:37:41.0441 6096        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:37:41.0456 6096        secdrv - ok
19:37:41.0472 6096        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:37:41.0487 6096        seclogon - ok
19:37:41.0487 6096        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:37:41.0503 6096        SENS - ok
19:37:41.0503 6096        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:37:41.0503 6096        SensrSvc - ok
19:37:41.0503 6096        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:37:41.0519 6096        Serenum - ok
19:37:41.0519 6096        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:37:41.0519 6096        Serial - ok
19:37:41.0519 6096        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:37:41.0534 6096        sermouse - ok
19:37:41.0534 6096        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:37:41.0550 6096        SessionEnv - ok
19:37:41.0550 6096        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:37:41.0565 6096        sffdisk - ok
19:37:41.0565 6096        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:41.0565 6096        sffp_mmc - ok
19:37:41.0565 6096        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:37:41.0581 6096        sffp_sd - ok
19:37:41.0581 6096        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:37:41.0581 6096        sfloppy - ok
19:37:41.0597 6096        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:37:41.0612 6096        SharedAccess - ok
19:37:41.0612 6096        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:37:41.0643 6096        ShellHWDetection - ok
19:37:41.0643 6096        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:37:41.0643 6096        SiSRaid2 - ok
19:37:41.0643 6096        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:37:41.0659 6096        SiSRaid4 - ok
19:37:41.0659 6096        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:37:41.0675 6096        Smb - ok
19:37:41.0675 6096        smbusp          (3da591bbab178a3152b8685dc43b20cd) C:\Windows\system32\DRIVERS\intelsmb.sys
19:37:41.0675 6096        smbusp - ok
19:37:41.0675 6096        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:37:41.0690 6096        SNMPTRAP - ok
19:37:41.0690 6096        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:37:41.0690 6096        spldr - ok
19:37:41.0706 6096        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:37:41.0721 6096        Spooler - ok
19:37:41.0815 6096        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:37:41.0862 6096        sppsvc - ok
19:37:41.0877 6096        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:37:41.0893 6096        sppuinotify - ok
19:37:41.0909 6096        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:37:41.0909 6096        srv - ok
19:37:41.0924 6096        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:37:41.0924 6096        srv2 - ok
19:37:41.0940 6096        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:37:41.0940 6096        srvnet - ok
19:37:41.0955 6096        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:37:41.0971 6096        SSDPSRV - ok
19:37:41.0971 6096        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
19:37:41.0971 6096        SSPORT - ok
19:37:41.0971 6096        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:37:41.0987 6096        SstpSvc - ok
19:37:41.0987 6096        Steam Client Service - ok
19:37:42.0002 6096        Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:37:42.0018 6096        Stereo Service - ok
19:37:42.0018 6096        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:37:42.0018 6096        stexstor - ok
19:37:42.0033 6096        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:37:42.0049 6096        stisvc - ok
19:37:42.0049 6096        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:37:42.0049 6096        storflt - ok
19:37:42.0049 6096        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:37:42.0065 6096        StorSvc - ok
19:37:42.0065 6096        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:37:42.0065 6096        storvsc - ok
19:37:42.0065 6096        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:37:42.0065 6096        swenum - ok
19:37:42.0080 6096        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:37:42.0111 6096        swprv - ok
19:37:42.0143 6096        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:37:42.0158 6096        SysMain - ok
19:37:42.0174 6096        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:37:42.0189 6096        TabletInputService - ok
19:37:42.0205 6096        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:37:42.0221 6096        TapiSrv - ok
19:37:42.0221 6096        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:37:42.0236 6096        TBS - ok
19:37:42.0283 6096        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:37:42.0299 6096        Tcpip - ok
19:37:42.0345 6096        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:37:42.0361 6096        TCPIP6 - ok
19:37:42.0392 6096        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:37:42.0408 6096        tcpipreg - ok
19:37:42.0408 6096        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:37:42.0408 6096        TDPIPE - ok
19:37:42.0408 6096        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:37:42.0423 6096        TDTCP - ok
19:37:42.0423 6096        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:37:42.0439 6096        tdx - ok
19:37:42.0439 6096        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:37:42.0455 6096        TermDD - ok
19:37:42.0455 6096        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:37:42.0486 6096        TermService - ok
19:37:42.0486 6096        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:37:42.0486 6096        Themes - ok
19:37:42.0501 6096        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:37:42.0517 6096        THREADORDER - ok
19:37:42.0517 6096        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:37:42.0533 6096        TrkWks - ok
19:37:42.0533 6096        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:37:42.0564 6096        TrustedInstaller - ok
19:37:42.0564 6096        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:42.0579 6096        tssecsrv - ok
19:37:42.0579 6096        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:37:42.0579 6096        TsUsbFlt - ok
19:37:42.0579 6096        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:37:42.0595 6096        TsUsbGD - ok
19:37:42.0595 6096        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:37:42.0611 6096        tunnel - ok
19:37:42.0611 6096        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:37:42.0611 6096        uagp35 - ok
19:37:42.0626 6096        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:37:42.0642 6096        udfs - ok
19:37:42.0642 6096        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:37:42.0657 6096        UI0Detect - ok
19:37:42.0657 6096        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:37:42.0657 6096        uliagpkx - ok
19:37:42.0657 6096        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:37:42.0673 6096        umbus - ok
19:37:42.0673 6096        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:37:42.0673 6096        UmPass - ok
19:37:42.0689 6096        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:37:42.0689 6096        UmRdpService - ok
19:37:42.0704 6096        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:37:42.0720 6096        upnphost - ok
19:37:42.0720 6096        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:37:42.0720 6096        USBAAPL64 - ok
19:37:42.0735 6096        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:42.0735 6096        usbccgp - ok
19:37:42.0735 6096        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:37:42.0751 6096        usbcir - ok
19:37:42.0751 6096        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:37:42.0751 6096        usbehci - ok
19:37:42.0751 6096        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:37:42.0767 6096        usbhub - ok
19:37:42.0767 6096        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:37:42.0767 6096        usbohci - ok
19:37:42.0767 6096        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:37:42.0782 6096        usbprint - ok
19:37:42.0782 6096        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:42.0782 6096        USBSTOR - ok
19:37:42.0798 6096        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:37:42.0798 6096        usbuhci - ok
19:37:42.0798 6096        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:37:42.0813 6096        UxSms - ok
19:37:42.0813 6096        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:42.0829 6096        VaultSvc - ok
19:37:42.0829 6096        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:37:42.0829 6096        vdrvroot - ok
19:37:42.0845 6096        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:37:42.0860 6096        vds - ok
19:37:42.0860 6096        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:42.0876 6096        vga - ok
19:37:42.0876 6096        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:37:42.0891 6096        VgaSave - ok
19:37:42.0891 6096        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:37:42.0907 6096        vhdmp - ok
19:37:42.0907 6096        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:37:42.0907 6096        viaide - ok
19:37:42.0907 6096        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:37:42.0923 6096        vmbus - ok
19:37:42.0923 6096        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:37:42.0923 6096        VMBusHID - ok
19:37:42.0923 6096        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:37:42.0938 6096        volmgr - ok
19:37:42.0938 6096        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:37:42.0954 6096        volmgrx - ok
19:37:42.0954 6096        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:37:42.0969 6096        volsnap - ok
19:37:42.0969 6096        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:37:42.0969 6096        vsmraid - ok
19:37:43.0016 6096        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:37:43.0032 6096        VSS - ok
19:37:43.0063 6096        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:37:43.0063 6096        vwifibus - ok
19:37:43.0079 6096        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:37:43.0094 6096        W32Time - ok
19:37:43.0094 6096        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:37:43.0094 6096        WacomPen - ok
19:37:43.0110 6096        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:43.0125 6096        WANARP - ok
19:37:43.0125 6096        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:43.0141 6096        Wanarpv6 - ok
19:37:43.0172 6096        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:37:43.0188 6096        WatAdminSvc - ok
19:37:43.0219 6096        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:37:43.0235 6096        wbengine - ok
19:37:43.0250 6096        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:37:43.0266 6096        WbioSrvc - ok
19:37:43.0266 6096        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:37:43.0281 6096        wcncsvc - ok
19:37:43.0281 6096        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:37:43.0297 6096        WcsPlugInService - ok
19:37:43.0297 6096        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:37:43.0297 6096        Wd - ok
19:37:43.0313 6096        WDDMService    (b4c34eb650eb1309f1b0c5eb34afe091) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
19:37:43.0313 6096        WDDMService - ok
19:37:43.0328 6096        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:37:43.0344 6096        Wdf01000 - ok
19:37:43.0375 6096        WDFMEService    (1bd70aa3d8c7a6178d180d0643643b14) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
19:37:43.0391 6096        WDFMEService - ok
19:37:43.0422 6096        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:37:43.0437 6096        WdiServiceHost - ok
19:37:43.0437 6096        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:37:43.0437 6096        WdiSystemHost - ok
19:37:43.0469 6096        WDRulesService  (834b4943472296efde82d3e3e9d69377) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
19:37:43.0484 6096        WDRulesService - ok
19:37:43.0500 6096        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:37:43.0515 6096        WebClient - ok
19:37:43.0515 6096        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:37:43.0547 6096        Wecsvc - ok
19:37:43.0547 6096        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:37:43.0562 6096        wercplsupport - ok
19:37:43.0562 6096        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:37:43.0578 6096        WerSvc - ok
19:37:43.0593 6096        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:43.0609 6096        WfpLwf - ok
19:37:43.0609 6096        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:37:43.0609 6096        WIMMount - ok
19:37:43.0609 6096        WinDefend - ok
19:37:43.0609 6096        WinHttpAutoProxySvc - ok
19:37:43.0625 6096        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:37:43.0640 6096        Winmgmt - ok
19:37:43.0671 6096        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:37:43.0703 6096        WinRM - ok
19:37:43.0734 6096        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:37:43.0734 6096        WinUsb - ok
19:37:43.0749 6096        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:37:43.0765 6096        Wlansvc - ok
19:37:43.0812 6096        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:37:43.0843 6096        wlidsvc - ok
19:37:43.0859 6096        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:37:43.0859 6096        WmiAcpi - ok
19:37:43.0874 6096        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:37:43.0874 6096        wmiApSrv - ok
19:37:43.0874 6096        WMPNetworkSvc - ok
19:37:43.0874 6096        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:37:43.0890 6096        WPCSvc - ok
19:37:43.0890 6096        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:37:43.0905 6096        WPDBusEnum - ok
19:37:43.0905 6096        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:37:43.0921 6096        ws2ifsl - ok
19:37:43.0921 6096        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:37:43.0937 6096        wscsvc - ok
19:37:43.0937 6096        WSearch - ok
19:37:43.0983 6096        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:37:43.0999 6096        wuauserv - ok
19:37:44.0030 6096        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:37:44.0046 6096        WudfPf - ok
19:37:44.0046 6096        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:44.0061 6096        WUDFRd - ok
19:37:44.0077 6096        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:37:44.0093 6096        wudfsvc - ok
19:37:44.0093 6096        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:37:44.0108 6096        WwanSvc - ok
19:37:44.0108 6096        XTUService      (876f0c41035c04ba7a44ec0418408f69) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
19:37:44.0108 6096        XTUService - ok
19:37:44.0108 6096        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
19:37:44.0124 6096        xusb21 - ok
19:37:44.0124 6096        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:37:44.0186 6096        \Device\Harddisk1\DR1 - ok
19:37:44.0186 6096        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:37:44.0233 6096        \Device\Harddisk0\DR0 - ok
19:37:44.0233 6096        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
19:37:44.0295 6096        \Device\Harddisk2\DR2 - ok
19:37:44.0311 6096        Boot (0x1200)  (24106a563911eff1194ccce63c2f062a) \Device\Harddisk1\DR1\Partition0
19:37:44.0311 6096        \Device\Harddisk1\DR1\Partition0 - ok
19:37:44.0311 6096        Boot (0x1200)  (fd19fb908651d337bbb28ad72f99beed) \Device\Harddisk1\DR1\Partition1
19:37:44.0311 6096        \Device\Harddisk1\DR1\Partition1 - ok
19:37:44.0311 6096        Boot (0x1200)  (043b5fc9e071c400cc6c31b918f34241) \Device\Harddisk0\DR0\Partition0
19:37:44.0311 6096        \Device\Harddisk0\DR0\Partition0 - ok
19:37:44.0311 6096        Boot (0x1200)  (e66a494f8f95894a4e8bfb05e9b02ac1) \Device\Harddisk2\DR2\Partition0
19:37:44.0311 6096        \Device\Harddisk2\DR2\Partition0 - ok
19:37:44.0311 6096        Boot (0x1200)  (d22ebbf098509f3b224bf6502b283a7b) \Device\Harddisk2\DR2\Partition1
19:37:44.0311 6096        \Device\Harddisk2\DR2\Partition1 - ok
19:37:44.0311 6096        ============================================================
19:37:44.0311 6096        Scan finished
19:37:44.0311 6096        ============================================================
19:37:44.0311 5248        Detected object count: 0
19:37:44.0311 5248        Actual detected object count: 0


regards
thomas

cosinus 25.06.2012 08:18

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

gizzmo73 25.06.2012 08:56

good morning

here is the ComboFix logfile:

Code:

ComboFix 12-06-25.01 - admin 25.06.2012   9:49.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.16366.12106 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-25 bis 2012-06-25  ))))))))))))))))))))))))))))))
.
.
2012-06-25 07:51 . 2012-06-25 07:51        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-06-25 07:51 . 2012-06-25 07:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-22 17:23 . 2012-06-22 17:23        --------        d-----w-        C:\_OTL
2012-06-22 17:15 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 17:15 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 17:15 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 17:15 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 17:15 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 17:15 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 17:15 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 17:15 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 17:15 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-17 11:34 . 2012-06-17 11:34        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 11:34 . 2012-06-17 11:34        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-15 22:55 . 2012-06-15 22:55        --------        d-----w-        c:\program files (x86)\ESET
2012-06-14 21:53 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\users\admin\AppData\Roaming\Malwarebytes
2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-13 18:17 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-11 07:08 . 2012-06-11 07:08        --------        d-----w-        c:\users\admin\AppData\Local\Macromedia
2012-06-10 11:01 . 2012-06-12 20:32        --------        d-----w-        c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 08:18 . 2012-03-31 10:51        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 08:18 . 2011-06-27 19:59        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 21:08 . 2012-04-09 20:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:08 . 2012-04-09 20:32        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-10 20:46 . 2011-06-28 22:12        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 19:50        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="d:\programme\Steam\Steam.exe" [2011-08-02 1242448]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2009-06-11 503808]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - d:\programme\Open Office\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:18]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 21:13]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3ke90op0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
AddRemove-553E35CD-0415-41bc-B39A-410375E88534 - c:\program files (x86)\Intel\ACPI Driver Installer\Uninstall\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,39,52,93,01,bb,2f,be,16,a9,94,83,64,97,bd,af,46,3a,4b,2b,46,
   65,00,79,dd,54,4a,f9,d1,b7,21,66,d1,bb,90,08,02,b4,7f,de,49,d8,8c,5d,2b,52,\
"rkeysecu"=hex:3d,18,b1,18,40,df,2f,6a,27,d7,81,03,e8,2e,ef,a2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-25  09:53:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-25 07:53
.
Vor Suchlauf: 13 Verzeichnis(se), 83'952'492'544 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 86'431'436'800 Bytes frei
.
- - End Of File - - 40C87F876614B1914C8681BDB494F642


--- --- ---


regards
thomas

