Trojaner-Board - virus/decrypten abgewürgt, manuell gefixt, löschen von decrypteten dateien?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - virus/decrypten abgewürgt, manuell gefixt, löschen von decrypteten dateien? (https://www.trojaner-board.de/117287-virus-decrypten-abgewuergt-manuell-gefixt-loeschen-decrypteten-dateien.html)

virus/decrypten abgewürgt, manuell gefixt, löschen von decrypteten dateien?

Hallo

Auch mich hats gestern erwischt. Habe versucht, vieles selber zu fixen, bevor ich auf dieses Forum gestossen bin.

Der Trojaner startete kurz nach anklicken des Email Attachements. Ca. 30 Sekunden nach dem "Startbildschirm" von Ukash habe ich das System abgewürgt. Neustart danach gleich mit Win7 CD und Wiederherstellung (3h vor Virus). Win7 wurde repariert. Nach Neustart, Antivirus Scan mit Avira. 2 infiszierte Dateien gefunden, welche ich sofort gelöscht habe. Nochmaliger Scan, keine Befunde.

Dann habe ich mir meine Dateien angesehen, vieles (vorallem Dokumente und Bilder) war verkryptet, System-Dateien nicht. Manuell versucht die Dateien auf das richtige Format zu editieren, ohne Erfolg. Restore geladen von NAS. Dann merkte ich, dass meine Festplatte volläuft (256GB Vertex3 SSD), was ja logisch ist, da das Restore die verschlüsselten Dateien nicht erkennt und alles doppelt zurückspielt. Manuell laufend die verschlüsselten Dateien gelöscht, damit das Restore durchläuft.

Da ich sicher nicht alle Dateien "erwischt" habe, wollte ich Google bemühen, mir ein Tool zu geben, die verschlüsselten Dateien zu scannen und zu löschen. Dabei bin ich auf Euer Forum gestossen. Hab mich ins Thema eingelesen, bin erschrocken und möchte nun einerseits sicher gehen, dass mein System wieder komplett sicher ist und anderseits beiläufig gerne noch meinen Festplattenplatz Problem lösen ;-) (alle von Euch zur Verfügung gestellten Tools haben leider nicht geholfen).

Anti-Malware von Malwarebytes findet kein Virus mehr. Somit leider auch keine genaueren Angaben zum Virus von diesem Programm.

Habe aus diesem Grund noch das Log von Avira angehängt. Avira meldet den Fund "TR/Ransom.OZ".

Hier der Dateipfad:

C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre
[FUND] Ist das Trojanische Pferd TR/Ransom.OZ
C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.OZ

Ich hoffe, dass ihr mir trotz meines Einwirkens helfen könnt. Besten Dank im Voraus für die Unterstützung.

Grüsse
Gizzmo73

[Alle Logs im Anhang]

Edit: Kann das Avira Logfile nicht hochladen. Bitte melden, wenns andersweitig benötigt wird.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

hi cosinus

danke für die hilfe.

hier die logs:

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.13.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: THOMAS [Administrator]
 

Schutz: Aktiviert
 

13.06.2012 20:17:44

mbam-log-2012-06-13 (20-17-44).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 40530

Laufzeit: 35 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.13.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: THOMAS [Administrator]
 

Schutz: Aktiviert
 

13.06.2012 20:18:31

mbam-log-2012-06-13 (20-18-31).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 528695

Laufzeit: 43 Minute(n), 35 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

2012/06/13 20:17:23 +0200        THOMAS        admin        MESSAGE        Starting protection

2012/06/13 20:17:24 +0200        THOMAS        admin        MESSAGE        Protection started successfully

2012/06/13 20:17:27 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/13 20:17:27 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

2012/06/13 20:30:10 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily

2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Starting database refresh

2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Stopping IP protection

2012/06/13 20:30:14 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.13.05 to version v2012.06.13.06

2012/06/13 20:30:56 +0200        THOMAS        admin        MESSAGE        IP Protection stopped

2012/06/13 20:30:59 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully

2012/06/13 20:30:59 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/13 20:31:00 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

Code:

2012/06/14 23:48:42 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily

2012/06/14 23:48:44 +0200        THOMAS        admin        MESSAGE        Starting protection

2012/06/14 23:48:45 +0200        THOMAS        admin        MESSAGE        Protection started successfully

2012/06/14 23:48:48 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/14 23:48:49 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.13.06 to version v2012.06.14.10

2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Starting database refresh

2012/06/14 23:48:50 +0200        THOMAS        admin        MESSAGE        Stopping IP protection

2012/06/14 23:49:22 +0200        THOMAS        admin        MESSAGE        IP Protection stopped

2012/06/14 23:49:23 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully

2012/06/14 23:49:23 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/14 23:49:24 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

Code:

2012/06/15 00:04:27 +0200        THOMAS        admin        IP-BLOCK        208.94.234.233 (Type: outgoing, Port: 50846, Process: firefox.exe)

2012/06/15 00:04:27 +0200        THOMAS        admin        IP-BLOCK        208.94.234.233 (Type: outgoing, Port: 50848, Process: firefox.exe)

2012/06/15 22:10:51 +0200        THOMAS        admin        MESSAGE        Starting protection

2012/06/15 22:10:52 +0200        THOMAS        admin        MESSAGE        Protection started successfully

2012/06/15 22:10:55 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/15 22:10:56 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

2012/06/15 22:17:47 +0200        THOMAS        admin        MESSAGE        Executing scheduled update:  Daily

2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.14.10 to version v2012.06.15.08

2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Starting database refresh

2012/06/15 22:17:59 +0200        THOMAS        admin        MESSAGE        Stopping IP protection

2012/06/15 22:18:34 +0200        THOMAS        admin        MESSAGE        IP Protection stopped

2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        Database refreshed successfully

2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        Starting IP protection

2012/06/15 22:18:35 +0200        THOMAS        admin        MESSAGE        IP Protection started successfully

gruss
gizzmo73

Poste bitte auch das Log von AntiVir komplett oder steht da sonst nichts weiter drin?

sorry, hier noch das avira log:

Code:


 

Avira Free Antivirus

Erstellungsdatum der Reportdatei: Dienstag, 12. Juni 2012  21:35
 

Es wird nach 3830208 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Professional

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : admin

Computername   : THOMAS
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 21:08:13

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 21:08:13

LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 21:08:13

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 21:08:14

AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 21:07:47

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 20:34:53

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 20:34:55

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 21:07:42

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 21:07:42

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 21:07:42

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 21:07:42

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 21:07:42

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 21:07:42

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 21:07:42

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 21:07:42

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 21:07:43

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 21:07:41

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 15:08:28

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 19:48:41

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 22:23:12

VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 19:49:51

VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 19:49:04

VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 19:49:16

VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 19:49:02

VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 19:49:04

VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 19:56:35

VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 19:56:35

VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 19:34:45

VBASE026.VDF   : 7.11.32.172     2048 Bytes  12.06.2012 19:34:45

VBASE027.VDF   : 7.11.32.173     2048 Bytes  12.06.2012 19:34:45

VBASE028.VDF   : 7.11.32.174     2048 Bytes  12.06.2012 19:34:45

VBASE029.VDF   : 7.11.32.175     2048 Bytes  12.06.2012 19:34:45

VBASE030.VDF   : 7.11.32.176     2048 Bytes  12.06.2012 19:34:46

VBASE031.VDF   : 7.11.32.180     2560 Bytes  12.06.2012 19:34:46

Engineversion  : 8.2.10.80 

AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 19:49:02

AESCRIPT.DLL   : 8.1.4.24      450939 Bytes  31.05.2012 19:51:04

AESCN.DLL      : 8.1.8.2       131444 Bytes  09.04.2012 20:34:59

AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 19:52:18

AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37

AEPACK.DLL     : 8.2.16.16     807288 Bytes  29.05.2012 19:52:03

AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  26.04.2012 21:05:18

AEHEUR.DLL     : 8.1.4.36     4874615 Bytes  31.05.2012 19:50:58

AEHELP.DLL     : 8.1.21.0      254326 Bytes  10.05.2012 21:07:44

AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 21:05:12

AEEXP.DLL      : 8.1.0.44       82293 Bytes  29.05.2012 19:52:18

AEEMU.DLL      : 8.1.3.0       393589 Bytes  31.01.2012 06:55:34

AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 19:49:25

AEBB.DLL       : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 21:08:13

AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 21:08:13

AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 21:08:14

AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 21:08:13

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 21:08:13

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 21:08:13

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 21:08:13

NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 21:08:13

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 21:08:13

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 21:08:13
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Manuelle Auswahl

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, 

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Intelligente Dateiauswahl

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert
 

Beginn des Suchlaufs: Dienstag, 12. Juni 2012  21:35
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!

Masterbootsektor HD1

    [INFO]      Es wurde kein Virus gefunden!

Masterbootsektor HD2

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'osd.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'APSDaemon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'KoneHID.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Scan2Pc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SSMMgr.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'distnoted.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ubd.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ApplePhotoStreams.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'steam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '1832' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\' <SSD>

C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre

  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ

C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe

  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ

C:\Users\admin\Documents\jjNAxnTyoEejTngDooNrL

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Morpheus-b3d-v2.exe

  [WARNUNG]   Die Version dieses Archives wird nicht unterstützt

C:\Users\admin\Documents\OgtErNnngOsvNAaTyvU

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\summit.zip

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\uGGaresXqDLTjJpOynLN

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Zeugnisse.zip

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Curriculum Vitae\vvtEjsGaVDtUpLu

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\UNXetUeenDGaalyXNfgj

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\AJEOlnassXfDGdaAxLrN

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\dxTQtLLQuaLnnuL

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\dytLAsurqsxUdvv

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\GvNQTNgsQaNpLQ

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\JdqEjqDLgsNNUOTr

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\qlTjetLeysNsaot

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\quTesEdOnLVeGUOLtaAx

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\qyltajAQrNsvajGdUtJTg

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\seAJfOGQUesXglUTetg

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\seeQndNlffGQXjj

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\uXNDdaLLtglUJEaLdeafD

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\vLfruGqglXVNxVtUnO

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\VNadgDsoDQasjXxOlXpL

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\vTVenuxqsdGVNQJrq

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Documents\Metal Storm\Schriften\zips\XTLyJuflufvJDLgDdUxeT

  [WARNUNG]   Der Archivheader ist defekt

C:\Users\admin\Downloads\avira_free_antivirus_de.exe

  [WARNUNG]   Die Datei ist kennwortgeschützt

C:\Users\admin\Music\iTunes\iTunes Music\Mobile Applications\SanFrancis 1.4.ipa

  [WARNUNG]   Unerwartetes Dateiende erreicht

C:\Users\admin\Music\iTunes\Mobile Applications\SanFrancis.ipa

  [WARNUNG]   Unerwartetes Dateiende erreicht

C:\Windows\SoftwareDistribution\Download\085abba7f486e33fdc9e7380d3c36f75\BIT2F17.tmp

  [WARNUNG]   Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
 

Beginne mit der Desinfektion:

C:\Users\admin\AppData\Roaming\Hzzhz\wwwwyvxnb.exe

  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ec325d.qua' verschoben!

C:\Users\admin\AppData\Local\Temp\rflnrimhhb.pre

  [FUND]      Ist das Trojanische Pferd TR/Ransom.OZ

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e761d09.qua' verschoben!
 
 

Ende des Suchlaufs: Dienstag, 12. Juni 2012  21:48

Benötigte Zeit: 12:41 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  35567 Verzeichnisse wurden überprüft

 709268 Dateien wurden geprüft

      2 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      2 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 709266 Dateien ohne Befall

   6730 Archive wurden durchsucht

     27 Warnungen

      2 Hinweise

gruss
thomas

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

guten morgen

hier das eset log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-15 11:19:37

# local_time=2012-06-16 01:19:37 (+0100, Mitteleuropäische Sommerzeit)

# country="Switzerland"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 5797444 5797444 0 0

# compatibility_mode=5893 16776574 100 94 30282720 91430871 0 0

# compatibility_mode=8192 67108863 100 0 107 107 0 0

# scanned=318714

# found=0

# cleaned=0

# scan_time=1355

gruss
thomas

doof, hacken bei "scan archives" nicht gesetzt, deshalb nochmals...

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-15 11:19:37

# local_time=2012-06-16 01:19:37 (+0100, Mitteleuropäische Sommerzeit)

# country="Switzerland"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 5797444 5797444 0 0

# compatibility_mode=5893 16776574 100 94 30282720 91430871 0 0

# compatibility_mode=8192 67108863 100 0 107 107 0 0

# scanned=318714

# found=0

# cleaned=0

# scan_time=1355

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fc4ba9e7bb559b4cb8b67b5e594a2bea

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-16 08:18:18

# local_time=2012-06-16 10:18:18 (+0100, Mitteleuropäische Sommerzeit)

# country="Switzerland"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 5828695 5828695 0 0

# compatibility_mode=5893 16776574 100 94 30313971 91462122 0 0

# compatibility_mode=8192 67108863 100 0 31358 31358 0 0

# scanned=319226

# found=0

# cleaned=0

# scan_time=2426

gruss
thomas

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

danke für deine unterstützung auch bei diesem wetter und dem em spiel!

hier das log

OTL Logfile:

Code:

OTL logfile created on: 17.06.2012 22:59:01 - Run 2

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\admin\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

15.98 Gb Total Physical Memory | 12.34 Gb Available Physical Memory | 77.18% Memory free

31.96 Gb Paging File | 28.78 Gb Available in Paging File | 90.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 223.47 Gb Total Space | 16.19 Gb Free Space | 7.25% Space Free | Partition Type: NTFS

Drive D: | 1863.01 Gb Total Space | 1229.28 Gb Free Space | 65.98% Space Free | Partition Type: NTFS

Drive G: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Drive H: | 111.69 Gb Total Space | 11.22 Gb Free Space | 10.05% Space Free | Partition Type: NTFS

 

Computer Name: THOMAS | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.17 13:34:44 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.06.13 22:33:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

PRC - [2012.05.08 23:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 23:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 23:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Programme\Open Office\program\soffice.exe

PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Programme\Open Office\program\soffice.bin

PRC - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

PRC - [2009.09.15 17:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE

PRC - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

PRC - [2008.10.06 11:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.17 13:34:44 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.06.29 00:12:48 | 000,985,088 | ---- | M] () -- D:\Programme\Open Office\program\libxml2.dll

MOD - [2009.06.12 00:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

MOD - [2008.06.26 20:46:08 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll

MOD - [2008.06.26 20:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll

MOD - [2008.06.26 20:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.06.17 13:34:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.08 23:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.08 23:08:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.05 20:18:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.06.29 18:53:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.06.29 08:02:24 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)

SRV - [2011.06.29 08:02:24 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)

SRV - [2011.06.29 08:02:16 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)

SRV - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel(R)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 23:08:14 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 23:08:14 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)

DRV:64bit: - [2010.09.21 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.09.15 14:14:40 | 000,021,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICTDrv.sys -- (ICTDrv)

DRV:64bit: - [2010.08.18 00:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)

DRV:64bit: - [2010.07.27 03:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010.07.27 03:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010.06.09 10:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)

DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.12.11 14:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)

DRV:64bit: - [2007.08.13 20:51:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)

DRV - [2010.09.15 14:30:50 | 000,034,304 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 6D 16 DD AD C7 CC 01  [binary data]

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-784953121-418807109-1662913338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.new.facebook.com/home.php"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Acrobat Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:34:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.10.26 19:53:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

 

[2011.06.28 21:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions

[2011.06.28 21:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.05.02 23:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\3ke90op0.default\extensions

[2012.04.26 20:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.13 21:58:12 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

[2012.01.05 23:33:13 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.12.31 16:00:52 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3KE90OP0.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI

[2012.06.17 13:34:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.17 13:34:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.17 13:34:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.17 13:34:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.17 13:34:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.17 13:34:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.17 13:34:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1000..\Run: [Steam] D:\Programme\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Programme\Open Office\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C4A0FD2-35A0-4308-BB75-01F583E5ED1C}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFADB887-69C1-4DEB-859B-FF80735826F4}: DhcpNameServer = 138.188.101.189 138.188.101.186

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.16 00:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.16 00:55:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.06.13 22:33:45 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.06.13 21:02:33 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Logs

[2012.06.13 20:17:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2012.06.13 20:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.13 20:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.13 20:17:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.13 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.12 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\FUSSBALL MANAGER 12

[2012.06.12 20:56:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Hzzhz

[2012.06.11 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Macromedia

[2012.06.10 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.06.02 10:57:58 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Hochzeit 2012

[2012.05.24 22:30:17 | 000,000,000 | ---D | C] -- C:\Fotostream

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.17 22:59:25 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.17 22:59:25 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.17 22:59:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.17 22:59:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.17 22:59:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.17 22:59:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.17 22:59:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.17 22:52:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.17 22:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.17 22:52:13 | 4280,438,782 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.17 22:28:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.17 22:18:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.16 00:54:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe

[2012.06.15 22:08:46 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.13 22:33:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe

[2012.06.13 21:03:27 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable

[2012.06.13 20:17:03 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.12 22:09:20 | 000,140,166 | ---- | M] () -- C:\Users\admin\Documents\Mail versand wöchentlich.eml

[2012.06.04 20:39:02 | 000,002,169 | -H-- | M] () -- C:\Users\admin\.recently-used.xbel

[2012.06.04 20:39:02 | 000,002,169 | ---- | M] () -- C:\Users\admin\tsvtfOLGNUvlyaujNlJO

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.13 21:03:27 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable

[2012.06.13 20:17:03 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.10.26 19:57:36 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.07.05 17:33:07 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

[2011.07.02 15:15:14 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe

[2011.07.02 15:09:14 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2011.06.28 03:48:54 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

 
 ========== LOP Check ==========

 

[2011.12.27 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon

[2012.06.04 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0

[2012.01.22 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HDRsoft

[2012.06.12 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hzzhz

[2011.12.18 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\My Games

[2011.06.29 00:13:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.07.05 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ROCCAT

[2012.05.12 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spotify

[2011.06.28 21:58:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2012.03.14 18:25:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.02 14:39:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe

[2012.03.07 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer

[2012.04.09 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avira

[2011.12.27 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon

[2012.06.04 20:39:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0

[2012.01.22 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HDRsoft

[2012.06.12 21:48:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hzzhz

[2011.06.27 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities

[2011.06.27 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia

[2012.06.13 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs

[2011.07.24 14:59:27 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft

[2011.06.28 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla

[2011.12.18 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\My Games

[2011.06.29 00:13:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org

[2011.07.05 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ROCCAT

[2011.06.28 22:42:38 | 000,000,000 | RH-D | M] -- C:\Users\admin\AppData\Roaming\SecuROM

[2012.05.12 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spotify

[2011.06.28 21:58:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird

[2011.12.17 19:18:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\vlc

[2011.12.27 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZoomBrowser EX

 
 < %APPDATA%\*.exe /s >

[2011.06.29 20:29:25 | 000,010,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe

[2011.11.14 14:51:54 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Users\admin\AppData\Roaming\Spotify\spotify.exe

[2011.11.16 21:23:07 | 000,090,044 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Spotify\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 594 bytes -> C:\Users\admin\Documents\Mail versand wöchentlich.eml:OECustomProperty
 

< End of report >

--- --- ---

[/code]

gruss
thomas

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-784953121-418807109-1662913338-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

:Files

C:\Users\admin\AppData\Roaming\Hzzhz

C:\Users\admin\tsvtfOLGNUvlyaujNlJO

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hallo und sorry, meine späte antwort. ich war die letzten tage geschäftlich im ausland. herzlichen dank für dein skript, hier das log:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Registry value HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

========== FILES ==========

C:\Users\admin\AppData\Roaming\Hzzhz folder moved successfully.

C:\Users\admin\tsvtfOLGNUvlyaujNlJO moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: admin

->Temp folder emptied: 74836599 bytes

->Temporary Internet Files folder emptied: 294070804 bytes

->Java cache emptied: 151983 bytes

->FireFox cache emptied: 677428181 bytes

->Flash cache emptied: 60711 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33198 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33198 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1618992 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 84276461512 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 81'372.00 mb

 

 

[EMPTYFLASH]

 

User: admin

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: UpdatusUser

 

Total Flash Files Cleaned = 0.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.48.0 log created on 06222012_192341
 

Files\Folders moved on Reboot...

C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\etilqs_34Fm5d6xbhyMX25qh4pU moved successfully.

C:\Windows\temp\etilqs_3aJi2Ekvr92WIEMZqopZ moved successfully.

C:\Windows\temp\etilqs_ckgLZ66L34cbfqQpR01H moved successfully.

C:\Windows\temp\etilqs_gSVENRdamdKHYptJURuM moved successfully.

File\Folder C:\Windows\temp\etilqs_JPxc3HDnvoKmwFedaRuV not found!

C:\Windows\temp\etilqs_lJcGoBjvdrpLUCgb6jRh moved successfully.

C:\Windows\temp\etilqs_ljJKTAHT11kfizAtYbvD moved successfully.

C:\Windows\temp\etilqs_mXXcE6hl6xaVkva9Bz08 moved successfully.

C:\Windows\temp\etilqs_NzYZxnusSX6lQYpiI8BQ moved successfully.

C:\Windows\temp\etilqs_OewzjTChjZ59XbbhToAu moved successfully.

C:\Windows\temp\etilqs_qZ1cDNxYFLq7tTS0Mq7W moved successfully.

C:\Windows\temp\etilqs_vqh6BXHhT06wX4pWCnJi moved successfully.

C:\Windows\temp\etilqs_W6F5wo5D6tCduAu7nege moved successfully.
 

Registry entries deleted on Reboot...

wow - richtig viel platz wieder auf der festplatte! apropos, evtl. für dich noch hilfreich: meine fotos waren zum teil nicht mehr zugreifbar und es wurde nur das standard-icon angezeigt. dies wurde nicht gefixt. nicht schlimm, davon habe ich ein sauberes backup, welches ich nun zurückgespielt habe.

gruess
thomas

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

hallo

hier das tdss log:

Code:

19:37:03.0670 4000        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

19:37:03.0748 4000        ============================================================

19:37:03.0748 4000        Current date / time: 2012/06/24 19:37:03.0748

19:37:03.0748 4000        SystemInfo:

19:37:03.0748 4000        

19:37:03.0748 4000        OS Version: 6.1.7601 ServicePack: 1.0

19:37:03.0748 4000        Product type: Workstation

19:37:03.0748 4000        ComputerName: THOMAS

19:37:03.0748 4000        UserName: admin

19:37:03.0748 4000        Windows directory: C:\Windows

19:37:03.0748 4000        System windows directory: C:\Windows

19:37:03.0748 4000        Running under WOW64

19:37:03.0748 4000        Processor architecture: Intel x64

19:37:03.0748 4000        Number of processors: 8

19:37:03.0748 4000        Page size: 0x1000

19:37:03.0748 4000        Boot type: Normal boot

19:37:03.0748 4000        ============================================================

19:37:03.0873 4000        Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:37:03.0873 4000        Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:37:03.0873 4000        Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

19:37:03.0873 4000        ============================================================

19:37:03.0873 4000        \Device\Harddisk1\DR1:

19:37:03.0873 4000        MBR partitions:

19:37:03.0873 4000        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:37:03.0873 4000        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1800

19:37:03.0873 4000        \Device\Harddisk0\DR0:

19:37:03.0873 4000        MBR partitions:

19:37:03.0873 4000        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800

19:37:03.0873 4000        \Device\Harddisk2\DR2:

19:37:03.0873 4000        MBR partitions:

19:37:03.0873 4000        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:37:03.0873 4000        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800

19:37:03.0873 4000        ============================================================

19:37:03.0873 4000        C: <-> \Device\Harddisk1\DR1\Partition1

19:37:03.0888 4000        D: <-> \Device\Harddisk0\DR0\Partition0

19:37:03.0904 4000        G: <-> \Device\Harddisk2\DR2\Partition0

19:37:03.0904 4000        H: <-> \Device\Harddisk2\DR2\Partition1

19:37:03.0904 4000        ============================================================

19:37:03.0904 4000        Initialize success

19:37:03.0904 4000        ============================================================

19:37:35.0481 6096        ============================================================

19:37:35.0481 6096        Scan started

19:37:35.0481 6096        Mode: Manual; SigCheck; TDLFS; 

19:37:35.0481 6096        ============================================================

19:37:35.0949 6096        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

19:37:35.0965 6096        1394ohci - ok

19:37:35.0981 6096        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:37:35.0981 6096        ACPI - ok

19:37:35.0981 6096        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:37:35.0996 6096        AcpiPmi - ok

19:37:35.0996 6096        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:37:36.0012 6096        AdobeARMservice - ok

19:37:36.0027 6096        AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:37:36.0027 6096        AdobeFlashPlayerUpdateSvc - ok

19:37:36.0043 6096        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

19:37:36.0043 6096        adp94xx - ok

19:37:36.0059 6096        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

19:37:36.0059 6096        adpahci - ok

19:37:36.0074 6096        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

19:37:36.0074 6096        adpu320 - ok

19:37:36.0074 6096        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:37:36.0121 6096        AeLookupSvc - ok

19:37:36.0137 6096        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:37:36.0152 6096        AFD - ok

19:37:36.0152 6096        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:37:36.0152 6096        agp440 - ok

19:37:36.0152 6096        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:37:36.0168 6096        ALG - ok

19:37:36.0168 6096        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:37:36.0168 6096        aliide - ok

19:37:36.0168 6096        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:37:36.0183 6096        amdide - ok

19:37:36.0183 6096        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

19:37:36.0183 6096        AmdK8 - ok

19:37:36.0183 6096        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

19:37:36.0199 6096        AmdPPM - ok

19:37:36.0199 6096        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:37:36.0199 6096        amdsata - ok

19:37:36.0215 6096        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

19:37:36.0215 6096        amdsbs - ok

19:37:36.0215 6096        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:37:36.0215 6096        amdxata - ok

19:37:36.0230 6096        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

19:37:36.0230 6096        AntiVirSchedulerService - ok

19:37:36.0230 6096        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

19:37:36.0246 6096        AntiVirService - ok

19:37:36.0246 6096        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:37:36.0277 6096        AppID - ok

19:37:36.0277 6096        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:37:36.0293 6096        AppIDSvc - ok

19:37:36.0293 6096        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:37:36.0308 6096        Appinfo - ok

19:37:36.0324 6096        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:37:36.0324 6096        Apple Mobile Device - ok

19:37:36.0324 6096        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

19:37:36.0339 6096        AppMgmt - ok

19:37:36.0339 6096        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

19:37:36.0339 6096        arc - ok

19:37:36.0355 6096        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

19:37:36.0355 6096        arcsas - ok

19:37:36.0355 6096        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:37:36.0371 6096        AsyncMac - ok

19:37:36.0371 6096        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:37:36.0371 6096        atapi - ok

19:37:36.0386 6096        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:37:36.0417 6096        AudioEndpointBuilder - ok

19:37:36.0417 6096        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:37:36.0433 6096        AudioSrv - ok

19:37:36.0433 6096        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

19:37:36.0449 6096        avgntflt - ok

19:37:36.0449 6096        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

19:37:36.0464 6096        avipbb - ok

19:37:36.0464 6096        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

19:37:36.0464 6096        avkmgr - ok

19:37:36.0464 6096        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:37:36.0480 6096        AxInstSV - ok

19:37:36.0480 6096        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

19:37:36.0495 6096        b06bdrv - ok

19:37:36.0495 6096        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:37:36.0511 6096        b57nd60a - ok

19:37:36.0511 6096        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:37:36.0527 6096        BDESVC - ok

19:37:36.0527 6096        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:37:36.0542 6096        Beep - ok

19:37:36.0558 6096        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:37:36.0573 6096        BFE - ok

19:37:36.0589 6096        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:37:36.0620 6096        BITS - ok

19:37:36.0620 6096        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:37:36.0620 6096        blbdrive - ok

19:37:36.0636 6096        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

19:37:36.0636 6096        Bonjour Service - ok

19:37:36.0651 6096        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:37:36.0651 6096        bowser - ok

19:37:36.0651 6096        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

19:37:36.0667 6096        BrFiltLo - ok

19:37:36.0667 6096        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

19:37:36.0667 6096        BrFiltUp - ok

19:37:36.0667 6096        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:37:36.0698 6096        Browser - ok

19:37:36.0698 6096        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:37:36.0714 6096        Brserid - ok

19:37:36.0714 6096        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:37:36.0714 6096        BrSerWdm - ok

19:37:36.0714 6096        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:37:36.0729 6096        BrUsbMdm - ok

19:37:36.0729 6096        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:37:36.0729 6096        BrUsbSer - ok

19:37:36.0729 6096        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

19:37:36.0745 6096        BTHMODEM - ok

19:37:36.0745 6096        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:37:36.0761 6096        bthserv - ok

19:37:36.0761 6096        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:37:36.0776 6096        cdfs - ok

19:37:36.0792 6096        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:37:36.0792 6096        cdrom - ok

19:37:36.0792 6096        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:37:36.0807 6096        CertPropSvc - ok

19:37:36.0807 6096        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

19:37:36.0823 6096        circlass - ok

19:37:36.0839 6096        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:37:36.0839 6096        CLFS - ok

19:37:36.0839 6096        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:37:36.0854 6096        clr_optimization_v2.0.50727_32 - ok

19:37:36.0854 6096        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:37:36.0854 6096        clr_optimization_v2.0.50727_64 - ok

19:37:36.0870 6096        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:37:36.0870 6096        clr_optimization_v4.0.30319_32 - ok

19:37:36.0870 6096        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:37:36.0885 6096        clr_optimization_v4.0.30319_64 - ok

19:37:36.0885 6096        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

19:37:36.0885 6096        CmBatt - ok

19:37:36.0885 6096        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:37:36.0885 6096        cmdide - ok

19:37:36.0901 6096        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:37:36.0917 6096        CNG - ok

19:37:36.0917 6096        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

19:37:36.0917 6096        Compbatt - ok

19:37:36.0917 6096        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:37:36.0932 6096        CompositeBus - ok

19:37:36.0932 6096        COMSysApp - ok

19:37:36.0932 6096        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

19:37:36.0932 6096        crcdisk - ok

19:37:36.0948 6096        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:37:36.0948 6096        CryptSvc - ok

19:37:36.0963 6096        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

19:37:36.0963 6096        CSC - ok

19:37:36.0979 6096        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

19:37:36.0995 6096        CscService - ok

19:37:37.0010 6096        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:37:37.0026 6096        DcomLaunch - ok

19:37:37.0041 6096        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:37:37.0057 6096        defragsvc - ok

19:37:37.0057 6096        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:37:37.0073 6096        DfsC - ok

19:37:37.0073 6096        DgiVecp - ok

19:37:37.0088 6096        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:37:37.0104 6096        Dhcp - ok

19:37:37.0104 6096        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:37:37.0119 6096        discache - ok

19:37:37.0135 6096        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

19:37:37.0135 6096        Disk - ok

19:37:37.0135 6096        dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

19:37:37.0151 6096        dmvsc - ok

19:37:37.0151 6096        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:37:37.0151 6096        Dnscache - ok

19:37:37.0166 6096        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:37:37.0182 6096        dot3svc - ok

19:37:37.0182 6096        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:37:37.0197 6096        DPS - ok

19:37:37.0197 6096        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:37:37.0213 6096        drmkaud - ok

19:37:37.0229 6096        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:37:37.0244 6096        DXGKrnl - ok

19:37:37.0260 6096        e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys

19:37:37.0260 6096        e1cexpress - ok

19:37:37.0260 6096        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:37:37.0275 6096        EapHost - ok

19:37:37.0338 6096        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

19:37:37.0369 6096        ebdrv - ok

19:37:37.0385 6096        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:37:37.0400 6096        EFS - ok

19:37:37.0416 6096        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:37:37.0416 6096        ehRecvr - ok

19:37:37.0431 6096        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:37:37.0431 6096        ehSched - ok

19:37:37.0447 6096        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

19:37:37.0463 6096        elxstor - ok

19:37:37.0463 6096        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:37:37.0463 6096        ErrDev - ok

19:37:37.0478 6096        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:37:37.0494 6096        EventSystem - ok

19:37:37.0494 6096        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:37:37.0509 6096        exfat - ok

19:37:37.0525 6096        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:37:37.0541 6096        fastfat - ok

19:37:37.0556 6096        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:37:37.0572 6096        Fax - ok

19:37:37.0572 6096        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

19:37:37.0572 6096        fdc - ok

19:37:37.0572 6096        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:37:37.0587 6096        fdPHost - ok

19:37:37.0587 6096        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:37:37.0603 6096        FDResPub - ok

19:37:37.0619 6096        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:37:37.0619 6096        FileInfo - ok

19:37:37.0619 6096        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:37:37.0634 6096        Filetrace - ok

19:37:37.0634 6096        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

19:37:37.0650 6096        flpydisk - ok

19:37:37.0650 6096        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:37:37.0665 6096        FltMgr - ok

19:37:37.0681 6096        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:37:37.0697 6096        FontCache - ok

19:37:37.0697 6096        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:37:37.0697 6096        FontCache3.0.0.0 - ok

19:37:37.0712 6096        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:37:37.0712 6096        FsDepends - ok

19:37:37.0712 6096        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:37:37.0712 6096        Fs_Rec - ok

19:37:37.0728 6096        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:37:37.0728 6096        fvevol - ok

19:37:37.0728 6096        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

19:37:37.0743 6096        gagp30kx - ok

19:37:37.0743 6096        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:37:37.0743 6096        GEARAspiWDM - ok

19:37:37.0759 6096        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:37:37.0790 6096        gpsvc - ok

19:37:37.0790 6096        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:37:37.0790 6096        gupdate - ok

19:37:37.0790 6096        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:37:37.0806 6096        gupdatem - ok

19:37:37.0806 6096        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:37:37.0806 6096        hcw85cir - ok

19:37:37.0821 6096        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:37:37.0821 6096        HdAudAddService - ok

19:37:37.0837 6096        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:37:37.0837 6096        HDAudBus - ok

19:37:37.0837 6096        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

19:37:37.0853 6096        HidBatt - ok

19:37:37.0853 6096        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

19:37:37.0853 6096        HidBth - ok

19:37:37.0853 6096        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

19:37:37.0868 6096        HidIr - ok

19:37:37.0868 6096        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:37:37.0884 6096        hidserv - ok

19:37:37.0884 6096        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

19:37:37.0899 6096        HidUsb - ok

19:37:37.0899 6096        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:37:37.0915 6096        hkmsvc - ok

19:37:37.0915 6096        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:37:37.0931 6096        HomeGroupListener - ok

19:37:37.0931 6096        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:37:37.0946 6096        HomeGroupProvider - ok

19:37:37.0946 6096        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:37:37.0946 6096        HpSAMD - ok

19:37:37.0962 6096        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:37:37.0993 6096        HTTP - ok

19:37:37.0993 6096        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:37:37.0993 6096        hwpolicy - ok

19:37:37.0993 6096        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:37:38.0009 6096        i8042prt - ok

19:37:38.0009 6096        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:37:38.0024 6096        iaStorV - ok

19:37:38.0024 6096        ICCWDT          (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys

19:37:38.0024 6096        ICCWDT - ok

19:37:38.0024 6096        ICTDrv          (0f363350230217fbf282657ba229fbe8) C:\Windows\system32\DRIVERS\ICTDrv.sys

19:37:38.0024 6096        ICTDrv - ok

19:37:38.0055 6096        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:37:38.0055 6096        idsvc - ok

19:37:38.0055 6096        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

19:37:38.0071 6096        iirsp - ok

19:37:38.0087 6096        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:37:38.0102 6096        IKEEXT - ok

19:37:38.0165 6096        IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys

19:37:38.0196 6096        IntcAzAudAddService - ok

19:37:38.0211 6096        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:37:38.0211 6096        intelide - ok

19:37:38.0227 6096        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:37:38.0227 6096        intelppm - ok

19:37:38.0227 6096        Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe

19:37:38.0243 6096        Intel® PROSet Monitoring Service - ok

19:37:38.0243 6096        IOCBIOS         (9160d7b5cfa88697179c039bc852a945) C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys

19:37:38.0243 6096        IOCBIOS - ok

19:37:38.0243 6096        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:37:38.0258 6096        IPBusEnum - ok

19:37:38.0258 6096        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:37:38.0274 6096        IpFilterDriver - ok

19:37:38.0289 6096        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:37:38.0321 6096        iphlpsvc - ok

19:37:38.0321 6096        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:37:38.0321 6096        IPMIDRV - ok

19:37:38.0321 6096        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:37:38.0352 6096        IPNAT - ok

19:37:38.0367 6096        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

19:37:38.0383 6096        iPod Service - ok

19:37:38.0383 6096        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:37:38.0383 6096        IRENUM - ok

19:37:38.0383 6096        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:37:38.0399 6096        isapnp - ok

19:37:38.0399 6096        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:37:38.0399 6096        iScsiPrt - ok

19:37:38.0414 6096        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:37:38.0414 6096        kbdclass - ok

19:37:38.0414 6096        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

19:37:38.0414 6096        kbdhid - ok

19:37:38.0430 6096        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:38.0430 6096        KeyIso - ok

19:37:38.0430 6096        KoneFltr        (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys

19:37:38.0430 6096        KoneFltr - ok

19:37:38.0430 6096        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:37:38.0445 6096        KSecDD - ok

19:37:38.0445 6096        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:37:38.0445 6096        KSecPkg - ok

19:37:38.0461 6096        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:37:38.0477 6096        ksthunk - ok

19:37:38.0477 6096        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:37:38.0492 6096        KtmRm - ok

19:37:38.0508 6096        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:37:38.0523 6096        LanmanServer - ok

19:37:38.0523 6096        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:37:38.0539 6096        LanmanWorkstation - ok

19:37:38.0555 6096        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:37:38.0570 6096        lltdio - ok

19:37:38.0570 6096        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:37:38.0586 6096        lltdsvc - ok

19:37:38.0586 6096        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:37:38.0601 6096        lmhosts - ok

19:37:38.0617 6096        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

19:37:38.0617 6096        LSI_FC - ok

19:37:38.0617 6096        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

19:37:38.0633 6096        LSI_SAS - ok

19:37:38.0633 6096        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

19:37:38.0633 6096        LSI_SAS2 - ok

19:37:38.0633 6096        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

19:37:38.0648 6096        LSI_SCSI - ok

19:37:38.0648 6096        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:37:38.0664 6096        luafv - ok

19:37:38.0664 6096        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

19:37:38.0664 6096        MBAMProtector - ok

19:37:38.0679 6096        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:37:38.0695 6096        MBAMService - ok

19:37:38.0695 6096        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:37:38.0695 6096        Mcx2Svc - ok

19:37:38.0711 6096        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

19:37:38.0711 6096        megasas - ok

19:37:38.0711 6096        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

19:37:38.0726 6096        MegaSR - ok

19:37:38.0726 6096        MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys

19:37:38.0726 6096        MEIx64 - ok

19:37:38.0726 6096        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:37:38.0742 6096        MMCSS - ok

19:37:38.0757 6096        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:37:38.0773 6096        Modem - ok

19:37:38.0773 6096        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:37:38.0773 6096        monitor - ok

19:37:38.0773 6096        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:37:38.0789 6096        mouclass - ok

19:37:38.0789 6096        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:37:38.0789 6096        mouhid - ok

19:37:38.0789 6096        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:37:38.0804 6096        mountmgr - ok

19:37:38.0804 6096        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:37:38.0804 6096        MozillaMaintenance - ok

19:37:38.0804 6096        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:37:38.0820 6096        mpio - ok

19:37:38.0820 6096        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:37:38.0835 6096        mpsdrv - ok

19:37:38.0851 6096        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:37:38.0882 6096        MpsSvc - ok

19:37:38.0882 6096        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:37:38.0882 6096        MRxDAV - ok

19:37:38.0898 6096        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:37:38.0898 6096        mrxsmb - ok

19:37:38.0913 6096        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:37:38.0913 6096        mrxsmb10 - ok

19:37:38.0913 6096        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:37:38.0929 6096        mrxsmb20 - ok

19:37:38.0929 6096        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:37:38.0929 6096        msahci - ok

19:37:38.0929 6096        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:37:38.0945 6096        msdsm - ok

19:37:38.0945 6096        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:37:38.0945 6096        MSDTC - ok

19:37:38.0960 6096        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:37:38.0976 6096        Msfs - ok

19:37:38.0976 6096        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:37:38.0991 6096        mshidkmdf - ok

19:37:38.0991 6096        MSICDSetup - ok

19:37:38.0991 6096        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:37:38.0991 6096        msisadrv - ok

19:37:38.0991 6096        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:37:39.0023 6096        MSiSCSI - ok

19:37:39.0023 6096        msiserver - ok

19:37:39.0023 6096        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:37:39.0038 6096        MSKSSRV - ok

19:37:39.0038 6096        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:37:39.0054 6096        MSPCLOCK - ok

19:37:39.0054 6096        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:37:39.0069 6096        MSPQM - ok

19:37:39.0085 6096        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:37:39.0085 6096        MsRPC - ok

19:37:39.0085 6096        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:37:39.0101 6096        mssmbios - ok

19:37:39.0101 6096        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:37:39.0116 6096        MSTEE - ok

19:37:39.0116 6096        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

19:37:39.0116 6096        MTConfig - ok

19:37:39.0116 6096        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:37:39.0132 6096        Mup - ok

19:37:39.0132 6096        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:37:39.0163 6096        napagent - ok

19:37:39.0163 6096        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:37:39.0179 6096        NativeWifiP - ok

19:37:39.0194 6096        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:37:39.0210 6096        NDIS - ok

19:37:39.0210 6096        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:37:39.0225 6096        NdisCap - ok

19:37:39.0225 6096        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:37:39.0241 6096        NdisTapi - ok

19:37:39.0257 6096        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:37:39.0272 6096        Ndisuio - ok

19:37:39.0272 6096        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:37:39.0288 6096        NdisWan - ok

19:37:39.0288 6096        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:37:39.0303 6096        NDProxy - ok

19:37:39.0303 6096        Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys

19:37:39.0319 6096        Netaapl - ok

19:37:39.0319 6096        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:37:39.0335 6096        NetBIOS - ok

19:37:39.0335 6096        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:37:39.0350 6096        NetBT - ok

19:37:39.0350 6096        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:39.0366 6096        Netlogon - ok

19:37:39.0366 6096        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:37:39.0397 6096        Netman - ok

19:37:39.0397 6096        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:37:39.0428 6096        netprofm - ok

19:37:39.0428 6096        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:37:39.0428 6096        NetTcpPortSharing - ok

19:37:39.0428 6096        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

19:37:39.0444 6096        nfrd960 - ok

19:37:39.0444 6096        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:37:39.0475 6096        NlaSvc - ok

19:37:39.0475 6096        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:37:39.0491 6096        Npfs - ok

19:37:39.0491 6096        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:37:39.0506 6096        nsi - ok

19:37:39.0506 6096        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:37:39.0522 6096        nsiproxy - ok

19:37:39.0553 6096        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:37:39.0569 6096        Ntfs - ok

19:37:39.0600 6096        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:37:39.0615 6096        Null - ok

19:37:39.0615 6096        nusb3hub        (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys

19:37:39.0615 6096        nusb3hub - ok

19:37:39.0631 6096        nusb3xhc        (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys

19:37:39.0631 6096        nusb3xhc - ok

19:37:39.0631 6096        NVHDA           (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

19:37:39.0647 6096        NVHDA - ok

19:37:39.0912 6096        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:37:40.0068 6096        nvlddmkm - ok

19:37:40.0099 6096        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:37:40.0099 6096        nvraid - ok

19:37:40.0099 6096        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:37:40.0115 6096        nvstor - ok

19:37:40.0130 6096        nvsvc           (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe

19:37:40.0146 6096        nvsvc - ok

19:37:40.0193 6096        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

19:37:40.0208 6096        nvUpdatusService - ok

19:37:40.0239 6096        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:37:40.0239 6096        nv_agp - ok

19:37:40.0255 6096        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:37:40.0271 6096        ohci1394 - ok

19:37:40.0286 6096        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:37:40.0286 6096        p2pimsvc - ok

19:37:40.0302 6096        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:37:40.0302 6096        p2psvc - ok

19:37:40.0317 6096        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

19:37:40.0317 6096        Parport - ok

19:37:40.0317 6096        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:37:40.0333 6096        partmgr - ok

19:37:40.0333 6096        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:37:40.0349 6096        PcaSvc - ok

19:37:40.0349 6096        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:37:40.0349 6096        pci - ok

19:37:40.0349 6096        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:37:40.0364 6096        pciide - ok

19:37:40.0364 6096        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

19:37:40.0364 6096        pcmcia - ok

19:37:40.0380 6096        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:37:40.0380 6096        pcw - ok

19:37:40.0395 6096        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:37:40.0411 6096        PEAUTH - ok

19:37:40.0442 6096        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

19:37:40.0458 6096        PeerDistSvc - ok

19:37:40.0473 6096        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:37:40.0473 6096        PerfHost - ok

19:37:40.0520 6096        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:37:40.0551 6096        pla - ok

19:37:40.0567 6096        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:37:40.0567 6096        PlugPlay - ok

19:37:40.0567 6096        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:37:40.0583 6096        PNRPAutoReg - ok

19:37:40.0583 6096        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:37:40.0598 6096        PNRPsvc - ok

19:37:40.0598 6096        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:37:40.0629 6096        PolicyAgent - ok

19:37:40.0629 6096        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:37:40.0645 6096        Power - ok

19:37:40.0661 6096        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:37:40.0676 6096        PptpMiniport - ok

19:37:40.0676 6096        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

19:37:40.0676 6096        Processor - ok

19:37:40.0692 6096        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:37:40.0692 6096        ProfSvc - ok

19:37:40.0692 6096        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:40.0707 6096        ProtectedStorage - ok

19:37:40.0707 6096        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:37:40.0723 6096        Psched - ok

19:37:40.0754 6096        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

19:37:40.0785 6096        ql2300 - ok

19:37:40.0801 6096        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

19:37:40.0801 6096        ql40xx - ok

19:37:40.0817 6096        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:37:40.0817 6096        QWAVE - ok

19:37:40.0832 6096        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:37:40.0832 6096        QWAVEdrv - ok

19:37:40.0832 6096        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:37:40.0863 6096        RasAcd - ok

19:37:40.0863 6096        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:37:40.0879 6096        RasAgileVpn - ok

19:37:40.0879 6096        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:37:40.0895 6096        RasAuto - ok

19:37:40.0895 6096        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:37:40.0910 6096        Rasl2tp - ok

19:37:40.0926 6096        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:37:40.0957 6096        RasMan - ok

19:37:40.0957 6096        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:37:40.0973 6096        RasPppoe - ok

19:37:40.0973 6096        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:37:40.0988 6096        RasSstp - ok

19:37:41.0004 6096        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:37:41.0019 6096        rdbss - ok

19:37:41.0019 6096        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:37:41.0019 6096        rdpbus - ok

19:37:41.0035 6096        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:37:41.0051 6096        RDPCDD - ok

19:37:41.0051 6096        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

19:37:41.0051 6096        RDPDR - ok

19:37:41.0051 6096        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:37:41.0066 6096        RDPENCDD - ok

19:37:41.0082 6096        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:37:41.0097 6096        RDPREFMP - ok

19:37:41.0097 6096        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:37:41.0097 6096        RDPWD - ok

19:37:41.0113 6096        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:37:41.0113 6096        rdyboost - ok

19:37:41.0113 6096        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:37:41.0129 6096        RemoteAccess - ok

19:37:41.0207 6096        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:37:41.0222 6096        RemoteRegistry - ok

19:37:41.0222 6096        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:37:41.0238 6096        RpcEptMapper - ok

19:37:41.0238 6096        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:37:41.0253 6096        RpcLocator - ok

19:37:41.0269 6096        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:37:41.0285 6096        RpcSs - ok

19:37:41.0285 6096        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:37:41.0300 6096        rspndr - ok

19:37:41.0300 6096        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

19:37:41.0300 6096        s3cap - ok

19:37:41.0316 6096        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:41.0316 6096        SamSs - ok

19:37:41.0316 6096        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:37:41.0331 6096        sbp2port - ok

19:37:41.0331 6096        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:37:41.0347 6096        SCardSvr - ok

19:37:41.0347 6096        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:37:41.0363 6096        scfilter - ok

19:37:41.0394 6096        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:37:41.0409 6096        Schedule - ok

19:37:41.0409 6096        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:37:41.0425 6096        SCPolicySvc - ok

19:37:41.0441 6096        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:37:41.0441 6096        SDRSVC - ok

19:37:41.0441 6096        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:37:41.0456 6096        secdrv - ok

19:37:41.0472 6096        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:37:41.0487 6096        seclogon - ok

19:37:41.0487 6096        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:37:41.0503 6096        SENS - ok

19:37:41.0503 6096        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:37:41.0503 6096        SensrSvc - ok

19:37:41.0503 6096        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

19:37:41.0519 6096        Serenum - ok

19:37:41.0519 6096        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

19:37:41.0519 6096        Serial - ok

19:37:41.0519 6096        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

19:37:41.0534 6096        sermouse - ok

19:37:41.0534 6096        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:37:41.0550 6096        SessionEnv - ok

19:37:41.0550 6096        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:37:41.0565 6096        sffdisk - ok

19:37:41.0565 6096        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:37:41.0565 6096        sffp_mmc - ok

19:37:41.0565 6096        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:37:41.0581 6096        sffp_sd - ok

19:37:41.0581 6096        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

19:37:41.0581 6096        sfloppy - ok

19:37:41.0597 6096        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:37:41.0612 6096        SharedAccess - ok

19:37:41.0612 6096        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:37:41.0643 6096        ShellHWDetection - ok

19:37:41.0643 6096        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

19:37:41.0643 6096        SiSRaid2 - ok

19:37:41.0643 6096        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

19:37:41.0659 6096        SiSRaid4 - ok

19:37:41.0659 6096        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:37:41.0675 6096        Smb - ok

19:37:41.0675 6096        smbusp          (3da591bbab178a3152b8685dc43b20cd) C:\Windows\system32\DRIVERS\intelsmb.sys

19:37:41.0675 6096        smbusp - ok

19:37:41.0675 6096        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:37:41.0690 6096        SNMPTRAP - ok

19:37:41.0690 6096        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:37:41.0690 6096        spldr - ok

19:37:41.0706 6096        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:37:41.0721 6096        Spooler - ok

19:37:41.0815 6096        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:37:41.0862 6096        sppsvc - ok

19:37:41.0877 6096        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:37:41.0893 6096        sppuinotify - ok

19:37:41.0909 6096        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:37:41.0909 6096        srv - ok

19:37:41.0924 6096        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:37:41.0924 6096        srv2 - ok

19:37:41.0940 6096        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:37:41.0940 6096        srvnet - ok

19:37:41.0955 6096        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:37:41.0971 6096        SSDPSRV - ok

19:37:41.0971 6096        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

19:37:41.0971 6096        SSPORT - ok

19:37:41.0971 6096        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:37:41.0987 6096        SstpSvc - ok

19:37:41.0987 6096        Steam Client Service - ok

19:37:42.0002 6096        Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

19:37:42.0018 6096        Stereo Service - ok

19:37:42.0018 6096        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

19:37:42.0018 6096        stexstor - ok

19:37:42.0033 6096        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:37:42.0049 6096        stisvc - ok

19:37:42.0049 6096        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

19:37:42.0049 6096        storflt - ok

19:37:42.0049 6096        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

19:37:42.0065 6096        StorSvc - ok

19:37:42.0065 6096        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

19:37:42.0065 6096        storvsc - ok

19:37:42.0065 6096        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

19:37:42.0065 6096        swenum - ok

19:37:42.0080 6096        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:37:42.0111 6096        swprv - ok

19:37:42.0143 6096        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:37:42.0158 6096        SysMain - ok

19:37:42.0174 6096        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:37:42.0189 6096        TabletInputService - ok

19:37:42.0205 6096        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:37:42.0221 6096        TapiSrv - ok

19:37:42.0221 6096        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:37:42.0236 6096        TBS - ok

19:37:42.0283 6096        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:37:42.0299 6096        Tcpip - ok

19:37:42.0345 6096        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:37:42.0361 6096        TCPIP6 - ok

19:37:42.0392 6096        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:37:42.0408 6096        tcpipreg - ok

19:37:42.0408 6096        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:37:42.0408 6096        TDPIPE - ok

19:37:42.0408 6096        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:37:42.0423 6096        TDTCP - ok

19:37:42.0423 6096        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:37:42.0439 6096        tdx - ok

19:37:42.0439 6096        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

19:37:42.0455 6096        TermDD - ok

19:37:42.0455 6096        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:37:42.0486 6096        TermService - ok

19:37:42.0486 6096        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:37:42.0486 6096        Themes - ok

19:37:42.0501 6096        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:37:42.0517 6096        THREADORDER - ok

19:37:42.0517 6096        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:37:42.0533 6096        TrkWks - ok

19:37:42.0533 6096        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:37:42.0564 6096        TrustedInstaller - ok

19:37:42.0564 6096        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:37:42.0579 6096        tssecsrv - ok

19:37:42.0579 6096        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:37:42.0579 6096        TsUsbFlt - ok

19:37:42.0579 6096        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

19:37:42.0595 6096        TsUsbGD - ok

19:37:42.0595 6096        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:37:42.0611 6096        tunnel - ok

19:37:42.0611 6096        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

19:37:42.0611 6096        uagp35 - ok

19:37:42.0626 6096        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:37:42.0642 6096        udfs - ok

19:37:42.0642 6096        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:37:42.0657 6096        UI0Detect - ok

19:37:42.0657 6096        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:37:42.0657 6096        uliagpkx - ok

19:37:42.0657 6096        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

19:37:42.0673 6096        umbus - ok

19:37:42.0673 6096        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

19:37:42.0673 6096        UmPass - ok

19:37:42.0689 6096        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

19:37:42.0689 6096        UmRdpService - ok

19:37:42.0704 6096        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:37:42.0720 6096        upnphost - ok

19:37:42.0720 6096        USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

19:37:42.0720 6096        USBAAPL64 - ok

19:37:42.0735 6096        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:37:42.0735 6096        usbccgp - ok

19:37:42.0735 6096        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:37:42.0751 6096        usbcir - ok

19:37:42.0751 6096        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

19:37:42.0751 6096        usbehci - ok

19:37:42.0751 6096        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:37:42.0767 6096        usbhub - ok

19:37:42.0767 6096        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:37:42.0767 6096        usbohci - ok

19:37:42.0767 6096        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

19:37:42.0782 6096        usbprint - ok

19:37:42.0782 6096        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:37:42.0782 6096        USBSTOR - ok

19:37:42.0798 6096        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:37:42.0798 6096        usbuhci - ok

19:37:42.0798 6096        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:37:42.0813 6096        UxSms - ok

19:37:42.0813 6096        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:42.0829 6096        VaultSvc - ok

19:37:42.0829 6096        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:37:42.0829 6096        vdrvroot - ok

19:37:42.0845 6096        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:37:42.0860 6096        vds - ok

19:37:42.0860 6096        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:37:42.0876 6096        vga - ok

19:37:42.0876 6096        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:37:42.0891 6096        VgaSave - ok

19:37:42.0891 6096        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:37:42.0907 6096        vhdmp - ok

19:37:42.0907 6096        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:37:42.0907 6096        viaide - ok

19:37:42.0907 6096        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

19:37:42.0923 6096        vmbus - ok

19:37:42.0923 6096        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

19:37:42.0923 6096        VMBusHID - ok

19:37:42.0923 6096        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:37:42.0938 6096        volmgr - ok

19:37:42.0938 6096        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:37:42.0954 6096        volmgrx - ok

19:37:42.0954 6096        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:37:42.0969 6096        volsnap - ok

19:37:42.0969 6096        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

19:37:42.0969 6096        vsmraid - ok

19:37:43.0016 6096        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:37:43.0032 6096        VSS - ok

19:37:43.0063 6096        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

19:37:43.0063 6096        vwifibus - ok

19:37:43.0079 6096        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:37:43.0094 6096        W32Time - ok

19:37:43.0094 6096        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

19:37:43.0094 6096        WacomPen - ok

19:37:43.0110 6096        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:37:43.0125 6096        WANARP - ok

19:37:43.0125 6096        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:37:43.0141 6096        Wanarpv6 - ok

19:37:43.0172 6096        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:37:43.0188 6096        WatAdminSvc - ok

19:37:43.0219 6096        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:37:43.0235 6096        wbengine - ok

19:37:43.0250 6096        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:37:43.0266 6096        WbioSrvc - ok

19:37:43.0266 6096        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:37:43.0281 6096        wcncsvc - ok

19:37:43.0281 6096        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:37:43.0297 6096        WcsPlugInService - ok

19:37:43.0297 6096        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

19:37:43.0297 6096        Wd - ok

19:37:43.0313 6096        WDDMService     (b4c34eb650eb1309f1b0c5eb34afe091) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

19:37:43.0313 6096        WDDMService - ok

19:37:43.0328 6096        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:37:43.0344 6096        Wdf01000 - ok

19:37:43.0375 6096        WDFMEService    (1bd70aa3d8c7a6178d180d0643643b14) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

19:37:43.0391 6096        WDFMEService - ok

19:37:43.0422 6096        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:37:43.0437 6096        WdiServiceHost - ok

19:37:43.0437 6096        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:37:43.0437 6096        WdiSystemHost - ok

19:37:43.0469 6096        WDRulesService  (834b4943472296efde82d3e3e9d69377) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

19:37:43.0484 6096        WDRulesService - ok

19:37:43.0500 6096        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:37:43.0515 6096        WebClient - ok

19:37:43.0515 6096        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:37:43.0547 6096        Wecsvc - ok

19:37:43.0547 6096        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:37:43.0562 6096        wercplsupport - ok

19:37:43.0562 6096        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:37:43.0578 6096        WerSvc - ok

19:37:43.0593 6096        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:37:43.0609 6096        WfpLwf - ok

19:37:43.0609 6096        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:37:43.0609 6096        WIMMount - ok

19:37:43.0609 6096        WinDefend - ok

19:37:43.0609 6096        WinHttpAutoProxySvc - ok

19:37:43.0625 6096        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:37:43.0640 6096        Winmgmt - ok

19:37:43.0671 6096        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:37:43.0703 6096        WinRM - ok

19:37:43.0734 6096        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

19:37:43.0734 6096        WinUsb - ok

19:37:43.0749 6096        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:37:43.0765 6096        Wlansvc - ok

19:37:43.0812 6096        wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:37:43.0843 6096        wlidsvc - ok

19:37:43.0859 6096        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:37:43.0859 6096        WmiAcpi - ok

19:37:43.0874 6096        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:37:43.0874 6096        wmiApSrv - ok

19:37:43.0874 6096        WMPNetworkSvc - ok

19:37:43.0874 6096        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:37:43.0890 6096        WPCSvc - ok

19:37:43.0890 6096        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:37:43.0905 6096        WPDBusEnum - ok

19:37:43.0905 6096        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:37:43.0921 6096        ws2ifsl - ok

19:37:43.0921 6096        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:37:43.0937 6096        wscsvc - ok

19:37:43.0937 6096        WSearch - ok

19:37:43.0983 6096        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

19:37:43.0999 6096        wuauserv - ok

19:37:44.0030 6096        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:37:44.0046 6096        WudfPf - ok

19:37:44.0046 6096        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:37:44.0061 6096        WUDFRd - ok

19:37:44.0077 6096        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:37:44.0093 6096        wudfsvc - ok

19:37:44.0093 6096        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:37:44.0108 6096        WwanSvc - ok

19:37:44.0108 6096        XTUService      (876f0c41035c04ba7a44ec0418408f69) C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

19:37:44.0108 6096        XTUService - ok

19:37:44.0108 6096        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

19:37:44.0124 6096        xusb21 - ok

19:37:44.0124 6096        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

19:37:44.0186 6096        \Device\Harddisk1\DR1 - ok

19:37:44.0186 6096        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:37:44.0233 6096        \Device\Harddisk0\DR0 - ok

19:37:44.0233 6096        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

19:37:44.0295 6096        \Device\Harddisk2\DR2 - ok

19:37:44.0311 6096        Boot (0x1200)   (24106a563911eff1194ccce63c2f062a) \Device\Harddisk1\DR1\Partition0

19:37:44.0311 6096        \Device\Harddisk1\DR1\Partition0 - ok

19:37:44.0311 6096        Boot (0x1200)   (fd19fb908651d337bbb28ad72f99beed) \Device\Harddisk1\DR1\Partition1

19:37:44.0311 6096        \Device\Harddisk1\DR1\Partition1 - ok

19:37:44.0311 6096        Boot (0x1200)   (043b5fc9e071c400cc6c31b918f34241) \Device\Harddisk0\DR0\Partition0

19:37:44.0311 6096        \Device\Harddisk0\DR0\Partition0 - ok

19:37:44.0311 6096        Boot (0x1200)   (e66a494f8f95894a4e8bfb05e9b02ac1) \Device\Harddisk2\DR2\Partition0

19:37:44.0311 6096        \Device\Harddisk2\DR2\Partition0 - ok

19:37:44.0311 6096        Boot (0x1200)   (d22ebbf098509f3b224bf6502b283a7b) \Device\Harddisk2\DR2\Partition1

19:37:44.0311 6096        \Device\Harddisk2\DR2\Partition1 - ok

19:37:44.0311 6096        ============================================================

19:37:44.0311 6096        Scan finished

19:37:44.0311 6096        ============================================================

19:37:44.0311 5248        Detected object count: 0

19:37:44.0311 5248        Actual detected object count: 0

gruss
thomas

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

guten morgen

hier das logfile von combofix:

Code:

Combofix Logfile:
 

        Code:


        
ComboFix 12-06-25.01 - admin 25.06.2012   9:49.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.16366.12106 [GMT 2:00]

ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\jestertb.dll

D:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-25 bis 2012-06-25  ))))))))))))))))))))))))))))))

.

.

2012-06-25 07:51 . 2012-06-25 07:51        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-06-25 07:51 . 2012-06-25 07:51        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-22 17:23 . 2012-06-22 17:23        --------        d-----w-        C:\_OTL

2012-06-22 17:15 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-22 17:15 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-22 17:15 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-22 17:15 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-22 17:15 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-22 17:15 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-22 17:15 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-22 17:15 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-22 17:15 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-17 11:34 . 2012-06-17 11:34        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 11:34 . 2012-06-17 11:34        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-15 22:55 . 2012-06-15 22:55        --------        d-----w-        c:\program files (x86)\ESET

2012-06-14 21:53 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\users\admin\AppData\Roaming\Malwarebytes

2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-13 18:17 . 2012-06-13 18:17        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-13 18:17 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-06-11 07:08 . 2012-06-11 07:08        --------        d-----w-        c:\users\admin\AppData\Local\Macromedia

2012-06-10 11:01 . 2012-06-12 20:32        --------        d-----w-        c:\program files\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 08:18 . 2012-03-31 10:51        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 08:18 . 2011-06-27 19:59        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-08 21:08 . 2012-04-09 20:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 21:08 . 2012-04-09 20:32        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-10 20:46 . 2011-06-28 22:12        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-03-30 11:35 . 2012-05-09 19:50        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="d:\programme\Steam\Steam.exe" [2011-08-02 1242448]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]

"3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2009-06-11 503808]

"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - d:\programme\Open Office\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

R2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]

S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]

S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]

S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]

S3 ICTDrv;ICTDrv;c:\windows\system32\DRIVERS\ICTDrv.sys [x]

S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:18]

.

2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 21:13]

.

2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 21:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3ke90op0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

AddRemove-553E35CD-0415-41bc-B39A-410375E88534 - c:\program files (x86)\Intel\ACPI Driver Installer\Uninstall\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-784953121-418807109-1662913338-1000\Software\SecuROM\License information*]

"datasecu"=hex:76,39,52,93,01,bb,2f,be,16,a9,94,83,64,97,bd,af,46,3a,4b,2b,46,

   65,00,79,dd,54,4a,f9,d1,b7,21,66,d1,bb,90,08,02,b4,7f,de,49,d8,8c,5d,2b,52,\

"rkeysecu"=hex:3d,18,b1,18,40,df,2f,6a,27,d7,81,03,e8,2e,ef,a2

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-25  09:53:45 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-25 07:53

.

Vor Suchlauf: 13 Verzeichnis(se), 83'952'492'544 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 86'431'436'800 Bytes frei

.

- - End Of File - - 40C87F876614B1914C8681BDB494F642

 
--- --- ---

gruss
thomas