| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Zeus Virus InfektionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.12.2012, 17:55
| #1 |
 |  Zeus Virus Infektion Hallo! Habe da ein riesen Problem: Ich habe heute eine Mail von meinem Email-Anbieter erhalten, dass mein PC womöglich mit dem Zeus-Virus infiziert ist! Außerdem hat Facebook meinen Account aus demselben Grund erstmal gesperrt! Aber in der Mail steht die Uhrzeit und das Datum, zu der die Infektion festgestellt wurde als Hilfe zur Identifizierung des infizierten PCs. Und genau zu diesem Zeitpunkt, habe ich mich bei meinem Freund am PC eingeloggt. Allerdings habe ich mich später auch nochmal von meinem Laptop aus eingeloggt und habe jetzt Angst davor, dass der auch betroffen sein könnte... Ich brauche den Laptop unbedingt für mein Studium deshalb wäre das fatal, wenn der jetzt längere Zeit ausfallen würde. Facebook riet mir zum Download von Microsoft Security Essentials, was ich auch getan habe und habe auch ein Scan gestartet, der hat aber keine Infektion entdeckt. Auch Avast! hat keine Infektion entdecken können. Ich tätige kein Online-Banking. Mein Laptop ist ein Fertig-PC, Modell: Asus Notebook K53SV, K53SJ-Series Betriebssystem: Windows 7 Home Premium (64-Bit) Arbeitsspeicher: 6 GB Prozessor: Intel Core i7 2630 QM-CPU @ 2.0 GHz 2.0 GHz Habe außerdem meine Passwörter für amazon, ebay etc. von einem anderen PC aus geändert! Wäre genial wenn ihr mir helfen könntet, ist wirklich dringend! Hier mal die Email: Code:
ATTFilter Ihr Postfach: ***@web.de
Unsere Referenz: [Ticket AB49935847]
Hinweis: Ihr Name in der Anrede zeigt Ihnen, dass diese Nachricht tatsächlich
von WEB.DE verschickt wurde.
Sehr geehrte/r Herr ***,
Sie erhalten heute eine dringende Nachricht zu Ihrem WEB.DE Postfach
***@web.de und der Sicherheit Ihrer persönlichen Daten.
Unser Team von Sicherheitsexperten hat zwei wichtige Informationen für Sie:
- Ein Virus hat das Passwort zu Ihrem WEB.DE Postfach ausgespäht.
- Dieser Virus heißt Zeus und befindet sich wahrscheinlich auf Ihrem
Computer.
In dieser E-Mail finden Sie alle notwendigen Informationen, um die Sicherheit
Ihres Postfaches und Ihres Computers wiederherzustellen.
***************************************************************************
WICHTIG: Von dem Virus "Zeus" geht eine erhebliche Gefahr aus. Er spioniert
Passwörter und Bank-Daten aus und leitet sie an seine Urheber weiter. Nach und
nach plündern die Angreifer anschließend mithilfe der Bank-Daten die Konten
ihrer Opfer aus. Sie möchten mehr über diesen Virus erfahren? Einen Bericht zu
diesem Virus finden Sie im 1&1 Blog unter:
hxxp://blog.1und1.de/2010/02/11/11-schuetzt-internetnutzer-vor-trojaner-zeus/
***************************************************************************
Und so gewinnen Sie den Kampf gegen Zeus:
***************************************************************************
1. Ändern Sie das Passwort zu Ihrem WEB.DE-Postfach:
***************************************************************************
Loggen Sie sich von einem sicheren Computer in Ihr Postfach ein.
Klicken Sie im linken Menü auf 'Meine Daten'. Sie gelangen in das WEB.DE
Kundencenter und ändern hier sicher Ihr Passwort.
***************************************************************************
2. Erkennen Sie, welcher Computer mit dem Virus Zeus infiziert ist:
***************************************************************************
Haben Sie in den letzten Tagen über unterschiedliche Computer auf Ihr
Postfach zugegriffen? Dann hilft Ihnen die folgende Angabe dabei den betroffenen
Computer zu finden:
Sie haben den Computer zum folgenden Zeitpunkt benutzt: 13.12.2012 17:51:40 Uhr
***************************************************************************
3. Löschen Sie den Virus:
***************************************************************************
Der Virus Zeus nimmt tiefgreifende Veränderungen im Betriebssystem des Computers
vor. Da eine Anti-Viren-Software auf dem Betriebssystem läuft, ist es sehr
schwierig diesen Virus mit einer Software zu entfernen.
Wir empfehlen Ihnen daher, den betroffenen Computer neu zu installieren.
TIPP: Allgemeine Unterstützung bei Virus-Infektionen erhalten vom
Anti-Botnet-Beratungszentrum der deutschen Initiative botfrei.de.
Sie erreichen die Experten des Anti-Botnet-Beratungszentrums unter der folgenden
Rufnummer: 0221 - 677 84 977
Wichtig: Geben Sie bei Ihrem Anruf bitte die folgende Voucher-Nummer an:
01-49935847
***************************************************************************
4. Ändern Sie anschließend alle Ihre Passwörter:
***************************************************************************
Nachdem Sie den Virus erfolgreich entfernt haben, ändern Sie zur Sicherheit das
Passwort erneut.
Ändern Sie auch alle Ihre anderen Passwörter. Denken Sie an Ihre Passwörter zu:
- Ihrem Online-Banking-Zugang
- Ihren Konten bei eBay und Paypal
- Ihren anderen E-Mail-Konten
***************************************************************************
5. Sichern Sie Ihren Computer für die Zukunft:
***************************************************************************
Um Ihren Computer zukünftig optimal zu schützen, empfehlen wir Ihnen die
Installation einer professionellen Anti-Viren-Software, wie dem WEB.DE
PC-Sicherheits-Paket.
Weitere Informationen finden Sie unter: hxxp://www.pc-sicherheit.web.de
***************************************************************************
Haben Sie noch Fragen an uns? Dann antworten Sie einfach auf diese E-Mail und
belassen bitte unsere Referenz [Ticket AB49935847] in Ihrer Nachricht.
Wir freuen uns, mit Ihnen gemeinsam für die Sicherheit Ihres Postfaches zu
sorgen - vielen Dank für Ihre Mitarbeit!
Mit freundlichen Grüßen
Ihr Abuse-Team
--
Abuse-Abteilung
WEB.DE
hxxp://web.de/Impressum
Geändert von noob2012 (14.12.2012 um 18:10 Uhr) Grund: mehr details zum pc |
|
14.12.2012, 18:07
| #2 |
| /// Malware-holic   | Zeus Virus Infektion Hi,
__________________dann auch mal deinen Freund herbestellen :-) Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
14.12.2012, 18:46
| #3 |
| | Zeus Virus Infektion OK, hab OTL drüberlaufen lassen!
__________________hier die txts: OTL.txt: Code:
ATTFilter OTL logfile created on: 14.12.2012 18:14:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 69,70% Memory free 11,83 Gb Paging File | 9,84 Gb Available in Paging File | 83,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 66,21 Gb Free Space | 44,42% Space Free | Partition Type: NTFS Drive D: | 434,08 Gb Total Space | 386,70 Gb Free Space | 89,08% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.14 17:54:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe PRC - [2012.11.22 16:52:49 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.08.31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.04.01 19:18:45 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.02.22 21:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe PRC - [2010.10.07 17:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 14:56:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012.11.16 14:56:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012.11.16 14:56:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 14:56:02 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 14:56:00 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012.11.16 14:55:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.16 14:55:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 14:55:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 14:55:42 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 14:55:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011.08.31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010.08.13 16:43:57 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.08.13 16:43:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012.06.26 09:38:15 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2012.05.30 10:29:38 | 008,712,096 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV:64bit: - [2012.05.30 10:29:38 | 000,567,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom) SRV:64bit: - [2011.05.05 21:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService) SRV:64bit: - [2011.02.22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.04.17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.12.11 23:38:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.08 10:32:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:52:49 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.03.19 15:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.10.02 23:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.05.30 09:30:06 | 000,066,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter) DRV:64bit: - [2012.05.30 09:30:06 | 000,013,688 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2012.05.07 13:42:30 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter) DRV:64bit: - [2012.03.19 15:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.12.06 03:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.30 21:13:44 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX264.sys -- (L6UX2) DRV:64bit: - [2011.10.07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.17 11:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.13 14:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.14 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.07 10:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.08.03 11:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.23 02:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.21 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.06.02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 81 12 0E E4 6E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DEDD1D7E-8A85-438A-A4F9-7B18FB12498F}&mid=43b442b8027547d1918a252442f0180c-ca413962f0ee60243e6fdfe94694ca8b7a40075e&lang=de&ds=AVG&pr=fr&d=2012-06-21 16:25:17&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 17:13:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.02 12:32:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 10:32:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.02 12:32:15 | 000,000,000 | ---D | M] [2011.11.10 17:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions [2012.11.23 18:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\g23tt07x.default-1351463003410\extensions [2012.11.23 18:49:04 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\g23tt07x.default-1351463003410\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.08 10:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.08 10:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.08 10:32:40 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.15 12:19:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.09 22:22:24 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.02 12:11:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 12:19:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 12:19:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 12:19:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 12:19:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.10 22:31:47 | 000,001,906 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400647C8-5A76-476C-B2D4-07C5D6D41580}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.26 10:03:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {0118DFEC-6758-236F-8E10-D98489481EE8} - Browser Customizations ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {31E2CA01-57BA-2A84-06A2-F2E115FF5F6C} - Internet Explorer ActiveX:64bit: {32AE801F-9D49-B4AB-F4C0-4CF6A6F5D69E} - Microsoft Windows Media Player ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4A96C53F-4F40-6695-8C66-5CF2C30A2182} - Offline Browsing Pack ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {4FE40B5D-55D7-B365-2F6C-ED8075892C04} - Browser Customizations ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {B84E309F-188C-4E10-3BCD-1F634CEB8F67} - Internet Explorer ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E4928D80-38F3-D463-09D3-671BAD3720AA} - Microsoft Windows Media Player ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^Users^ASUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: snp2uvc - hkey= - key= - C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.) MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 17:54:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2012.12.14 16:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012.12.14 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.12.08 10:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.23 17:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.23 17:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2012.12.14 18:18:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 18:18:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 17:54:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2012.12.14 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 17:42:25 | 000,050,477 | ---- | M] () -- C:\Users\ASUS\Desktop\Defogger.exe [2012.12.14 17:36:21 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2012.12.14 17:36:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012.12.14 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.14 17:35:34 | 467,480,575 | -HS- | M] () -- C:\hiberfil.sys [2012.12.14 16:50:32 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.12.14 16:47:40 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.14 16:47:40 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.14 16:47:40 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.14 16:47:40 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.14 16:47:40 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.13 09:44:52 | 005,003,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.10 23:34:54 | 000,000,132 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012.11.22 16:52:49 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe ========== Files Created - No Company Name ========== [2012.12.14 17:42:23 | 000,050,477 | ---- | C] () -- C:\Users\ASUS\Desktop\Defogger.exe [2012.12.14 16:50:32 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.12.14 16:50:27 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.11.16 03:07:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 03:01:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.09.02 12:21:36 | 000,182,906 | ---- | C] () -- C:\Windows\hpoins38.dat [2012.09.02 12:21:36 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat [2012.08.13 13:27:25 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.13 13:27:25 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.07.15 19:12:38 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.06.20 12:50:36 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe Targa Format CS6 Prefs [2012.06.19 11:00:31 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012.03.19 15:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 15:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 15:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 14:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.24 02:26:31 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.01.23 18:01:19 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.01.17 14:19:49 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2012.01.17 14:19:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll [2012.01.17 14:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.12.07 13:24:13 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe Targa Format CS5 Prefs [2011.11.29 13:37:19 | 000,000,132 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.11.16 03:38:03 | 001,621,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.01 18:11:18 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011.04.01 18:09:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2011.04.01 01:53:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.12.31 16:31:43 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Ableton [2012.06.26 11:26:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Autodesk [2012.03.20 12:09:59 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\AVG [2011.11.21 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.09.24 01:48:55 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DAZ 3D [2012.12.14 17:37:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Dropbox [2012.08.13 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\FileZilla [2012.06.21 15:38:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\HTC [2012.06.22 03:55:13 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.12.27 21:01:56 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Line 6 [2012.05.03 10:48:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\MonoDevelop-Unity-2.8 [2011.12.06 00:52:17 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenOffice.org [2012.04.03 10:17:54 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\PACE Anti-Piracy [2012.06.08 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\PDAppFlex [2012.04.19 09:34:52 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\pdfforge [2012.01.20 14:52:50 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.19 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Subversion [2012.12.05 12:39:12 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TeamViewer [2012.08.13 12:24:09 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TS3Client [2012.04.03 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Unity ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.07 11:53:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.07 11:55:15 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2012.06.26 10:03:31 | 000,000,000 | ---D | M] -- C:\Autodesk [2011.12.27 20:23:42 | 000,000,000 | -HSD | M] -- C:\Boot [2012.12.14 17:35:32 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.04.01 19:14:59 | 000,000,000 | ---D | M] -- C:\eSupport [2011.04.01 19:01:16 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.18 23:52:25 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.03.29 18:39:22 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.14 17:27:44 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.14 16:50:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.09.24 01:45:11 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.07 11:52:01 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.14 18:16:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.29 18:39:59 | 000,000,000 | R--D | M] -- C:\Users [2012.12.14 17:35:52 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.04 08:41:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.04.01 02:15:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.04.01 02:02:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2011.04.01 02:15:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2011.04.01 02:02:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.04.01 02:15:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2011.04.01 02:02:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.04.01 02:15:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2011.04.01 02:02:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.14 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\IRST\64\IASTOR.SYS [2010.09.14 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010.09.14 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.04.01 02:56:12 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.04.01 02:56:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.04.01 02:56:12 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.04.01 02:56:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011.04.01 02:15:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.04.01 02:15:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.14 18:34:32 | 004,718,592 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT [2012.12.14 18:34:32 | 000,262,144 | -HS- | M] () -- C:\Users\ASUS\ntuser.dat.LOG1 [2011.11.07 11:53:39 | 000,000,000 | -HS- | M] () -- C:\Users\ASUS\ntuser.dat.LOG2 [2011.11.07 11:59:20 | 000,065,536 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.11.07 11:59:20 | 000,524,288 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.11.07 11:59:20 | 000,524,288 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.11.07 11:53:39 | 000,000,020 | -HS- | M] () -- C:\Users\ASUS\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 1259 bytes -> C:\ProgramData\Microsoft:p7UE3qNDyMGqmaAsz @Alternate Data Stream - 1050 bytes -> C:\ProgramData\Microsoft:Pv0Z5NqUdtN9baO6Hcl @Alternate Data Stream - 1048 bytes -> C:\ProgramData\Microsoft:5hqTNjIsXMD6N8urjIOI < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.12.2012 18:14:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,91 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 69,70% Memory free
11,83 Gb Paging File | 9,84 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 66,21 Gb Free Space | 44,42% Space Free | Partition Type: NTFS
Drive D: | 434,08 Gb Total Space | 386,70 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070C7D2-CDD0-49FE-B36D-7D7D7B381D50}" = lport=137 | protocol=17 | dir=in | app=system |
"{0399B35F-6202-4A89-A279-869C51087512}" = lport=138 | protocol=17 | dir=in | app=system |
"{1429B85A-FB34-42AE-8D18-960D57B4ECED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14ED44D7-0EFE-4D43-A652-A32A83931439}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1AFBDA2B-CEEC-4764-B28B-12AD1DDCA5C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1F1A9CA4-84D1-416A-9463-516A735626BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20587923-CBB0-49BB-ACB3-E268CF743783}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24578566-A9B7-4F36-9818-BE70A6CD8971}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53C33AAD-EF1E-432A-8FDC-60811888570B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B05CD80-3C43-47DC-8C6B-004ED68C8C00}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F870EA7-3A74-451A-8FA6-586C372CF088}" = rport=139 | protocol=6 | dir=out | app=system |
"{78226DCF-C7D7-4314-9379-FC2321899560}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7E65E876-C735-4C10-A006-3617689930DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F12A71C-78B2-4662-9C33-872BD04358CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{9405B48D-5919-4EF0-B1BB-6844A1C0324B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3F93A98-0CD8-43CD-A781-49CA1B4AFF78}" = rport=137 | protocol=17 | dir=out | app=system |
"{A961B780-DDBD-4878-AF72-70F92CE0F8F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B05193DA-CF94-4615-919F-B07EB3161CE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF53B384-70B2-4394-A363-33D14D4B570C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C0C89322-7959-4B7F-A119-1AE092916AA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA6E8A3A-E243-49A6-9838-851FAA7287F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC4E4E9A-8C7D-4E6C-A1AA-95CB247C023F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDAA6B04-101F-41D3-B128-A367E1648CCA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F973BCA3-FBC3-418B-929B-26DF2783E84D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DF03B2-D95B-4C73-BAC6-53668714B0A1}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{070D6212-4382-499F-B6C3-8D5817625140}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B946381-4E40-444C-9D60-114F19756CF7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11FE7253-898D-4686-9042-98E58A18C7FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{147052A2-12E3-4541-9109-AE929E317AC9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{180A4F3D-C1C3-4829-849D-649224581E22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19108F0E-51F8-4266-A15F-E7A9B18E5BE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{1D0850C6-B742-4743-8670-2367DD5B79CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1DA2838A-7C1A-4236-8F88-1FDC0C54E022}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{2768704A-E12A-420C-AE6A-EBD85B821CEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{27740F28-FEC1-42FE-9DF7-25FAF03D5E39}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{3D8FD6C2-858E-41D6-A303-99963F67756E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{41343C31-C216-4C2C-B48D-523ADDD27597}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{41498E35-E13D-4B7B-8246-FB24DE28677D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4712F6B8-68BA-4391-9A96-02CFE6281317}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{4AC9DC42-BA23-46F1-B513-37DB2F04AB04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F30F8C6-9EAC-4DAB-8F47-94BBADD109E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{502790D4-318C-4A23-9890-497A7913E429}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{58119EA5-D3E5-46BA-8489-FF8F82721313}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5A6D8C62-ECFB-4772-80B9-710172785A53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5B29EA1E-EDCC-4B68-A70C-C622644E0686}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6135470C-E4DA-412E-9045-AB624BA7983D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7148538C-CFF3-4608-934B-765B2FAE8DAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72D5B139-1B34-4F23-8242-0A5F8C9C32FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78E19D16-6E8F-46BB-A21D-9A6B0DC918C6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{839CF143-FB0D-4347-90F9-B98242EDB9A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88DE390E-07D9-4DC6-979A-347476F39EDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B6D57A7-21A0-4655-BA33-8D818092FB94}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{91E2A011-64D1-46F6-AA99-08ADC14ABC23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95026B7A-EA84-490A-8E2B-08C94E48ABAD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{97F32D73-1EC6-4842-9701-853C094F848D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{9B32D031-CF2A-4561-BE87-50859B75C5A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CCE4A39-CAA4-4245-B488-A2B89A15AD72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1373DCB-1CE3-4C9C-AE12-3DE46A39D3D1}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A6F83BDF-4A69-4518-B93B-FF3186B93800}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{ACD4EFB3-7374-4AF8-B76A-76AD54D8CEC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0B5AD8A-F85D-4D26-9844-2FD6D43BF111}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{B1C78370-6FC5-4D09-B559-41312E358269}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3D1C4A9-735A-4235-8B82-C171A0663158}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CCA432-B91F-4D04-8E72-C79957E027E8}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{B94B22A8-95EF-464E-AE7F-BB7D6749B112}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{BA3BD91D-CBE0-491B-A498-660EB3347D55}" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{C04E3DE7-09F1-42F1-BD28-11B1CA103361}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{C569D01F-647F-4886-BD88-D30543588466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE35A3D9-4074-4D46-9A93-9C289B4AC874}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2C83010-D968-46A6-83F9-65F4788EA23C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{D3ED9711-4093-4430-876C-4622EAC1B4D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E5601123-A473-4DF4-B06C-A67DE42E6A00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E5AF4DEA-9B39-449D-A5FD-2F4F5A9EB48B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E5CF39C4-C72D-405A-AAD4-F1E529E5CABC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{E71E32CE-2832-4141-84DA-28BAB9F192DA}" = protocol=6 | dir=out | app=system |
"{EA4E6F20-C5DD-4D94-A739-C1A5C5B940AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F3A36C3A-CE7C-481E-AE09-3291D40B4582}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{FB9CF98E-1B54-43D3-85A5-56E2C310E81B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{120C5953-36E7-42BC-A83A-71A57CDC09E5}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"TCP Query User{22845364-D49E-4457-B1C1-810C31812376}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{6C35BAEB-46F1-4337-A952-D00593E9778C}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"TCP Query User{7D0EDD67-15FA-4B5F-80F7-5D278B9796D1}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{B1ED3591-14EF-4C4F-A91F-E1BB99B56FB9}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DEBEE2B2-29E3-4F06-908C-56FA01D03F9F}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"UDP Query User{183508C8-9A51-4D7E-AAE4-2AF95B4E1F8D}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{21AA3B61-6719-4208-80DE-78521F939782}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"UDP Query User{9962A262-EB8B-4F76-B47B-A7D82B728CE8}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"UDP Query User{9B85E297-8013-46F8-BC24-2456D03A4D94}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{B09ABAF0-5F86-436C-8DBD-E41843C1FA1B}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{C3CBEFCB-CACB-4B2C-BB92-189CDAF4A569}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1B1D83BE-BAB8-4220-A850-036C67590C73}" = TortoiseSVN 1.7.4.22459 (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A2506D00-0BED-11E1-8CD3-782BCBACDE13}" = OpenRL Redistributable 1.0 R2 x64
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC7C5BA5-0010-1033-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{CC7C5BA5-09B5-428E-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"Autodesk Mudbox 2012 64-bit - English" = Autodesk Mudbox 2012 64-bit - English
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217003F0}" = Java(TM) 7 Update 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F781FAE-0BED-11E1-A311-782BCBACDE13}" = OpenRL Redistributable 1.0 R2 x86
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Autodesk 3ds Max 2012 64-bit - English SP2" = Autodesk 3ds Max 2012 64-bit - English SP2
"avast" = avast! Free Antivirus
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4.5 (64bit) 4.5.0.114" = DAZ Studio 4.5 (64bit)
"Diablo III" = Diablo III
"FileZilla Client" = FileZilla Client 3.5.3
"FLV Player" = FLV Player 2.0 (build 25)
"GoZ DS4 (64bit) 1.2.0.114" = GoZ DS4 (64bit)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Unity" = Unity
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"xNormal 3.17.13" = xNormal 3.17.13
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.08.2012 11:45:48 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =
Error - 15.08.2012 13:45:06 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =
Error - 15.08.2012 13:47:05 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =
Error - 17.08.2012 14:32:16 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description =
Error - 20.08.2012 20:17:14 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.08.2012 20:17:14 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 20.08.2012 20:17:14 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 20.08.2012 20:17:15 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.08.2012 20:17:15 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
Error - 20.08.2012 20:17:15 | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
[ System Events ]
Error - 13.12.2012 05:31:16 | Computer Name = ASUS-PC | Source = bowser | ID = 8003
Description =
Error - 13.12.2012 09:04:38 | Computer Name = ASUS-PC | Source = DCOM | ID = 10010
Description =
Error - 13.12.2012 10:30:35 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 13.12.2012 10:30:35 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 13.12.2012 18:27:50 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 13.12.2012 18:27:50 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 14.12.2012 11:43:24 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 14.12.2012 11:43:24 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 14.12.2012 12:38:26 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 14.12.2012 12:38:26 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
hoffe das Ergebnis fällt nicht zu böse aus.... |
|
15.12.2012, 19:17
| #4 |
| /// Malware-holic | Zeus Virus Infektion hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.12.2012, 20:36
| #5 |
| | Zeus Virus Infektion ok, werd ich machen! bin grad ausser haus - ich poste die logs sobald wie möglich! |
|
15.12.2012, 20:37
| #6 |
| /// Malware-holic | Zeus Virus Infektion Hi, musst dich nicht abmelden, wenn du mal n Abend nicht da bist :-) schönes Wochenende, werd mir auch gleich nen Drink machen
__________________ --> Zeus Virus Infektion |
|
16.12.2012, 19:45
| #7 |
| | Zeus Virus Infektion Hi nochmal! Bin jetz grad heimgekommen und habs direkt gestartet! hat 6 threats gefunden... hier die logs: Code:
ATTFilter 19:42:02.0672 4312 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:42:02.0906 4312 ============================================================
19:42:02.0906 4312 Current date / time: 2012/12/16 19:42:02.0906
19:42:02.0906 4312 SystemInfo:
19:42:02.0921 4312
19:42:02.0921 4312 OS Version: 6.1.7601 ServicePack: 1.0
19:42:02.0921 4312 Product type: Workstation
19:42:02.0921 4312 ComputerName: ASUS-PC
19:42:02.0921 4312 UserName: ASUS
19:42:02.0921 4312 Windows directory: C:\Windows
19:42:02.0921 4312 System windows directory: C:\Windows
19:42:02.0921 4312 Running under WOW64
19:42:02.0921 4312 Processor architecture: Intel x64
19:42:02.0921 4312 Number of processors: 8
19:42:02.0921 4312 Page size: 0x1000
19:42:02.0921 4312 Boot type: Normal boot
19:42:02.0921 4312 ============================================================
19:42:04.0060 4312 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:42:04.0060 4312 ============================================================
19:42:04.0060 4312 \Device\Harddisk0\DR0:
19:42:04.0060 4312 MBR partitions:
19:42:04.0060 4312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A18040, BlocksNum 0x12A16000
19:42:04.0091 4312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1442F000, BlocksNum 0x36428800
19:42:04.0091 4312 ============================================================
19:42:04.0154 4312 C: <-> \Device\Harddisk0\DR0\Partition1
19:42:04.0357 4312 D: <-> \Device\Harddisk0\DR0\Partition2
19:42:04.0357 4312 ============================================================
19:42:04.0357 4312 Initialize success
19:42:04.0357 4312 ============================================================
19:42:42.0467 3940 ============================================================
19:42:42.0467 3940 Scan started
19:42:42.0467 3940 Mode: Manual; SigCheck; TDLFS;
19:42:42.0467 3940 ============================================================
19:42:43.0372 3940 ================ Scan system memory ========================
19:42:43.0372 3940 System memory - ok
19:42:43.0372 3940 ================ Scan services =============================
19:42:43.0730 3940 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:42:43.0793 3940 1394ohci - ok
19:42:43.0824 3940 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:42:43.0840 3940 ACPI - ok
19:42:43.0871 3940 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:42:43.0902 3940 AcpiPmi - ok
19:42:44.0042 3940 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:42:44.0089 3940 AdobeARMservice - ok
19:42:44.0354 3940 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:42:44.0386 3940 AdobeFlashPlayerUpdateSvc - ok
19:42:44.0448 3940 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:42:44.0479 3940 adp94xx - ok
19:42:44.0510 3940 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:42:44.0542 3940 adpahci - ok
19:42:44.0573 3940 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:42:44.0588 3940 adpu320 - ok
19:42:44.0604 3940 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:42:44.0698 3940 AeLookupSvc - ok
19:42:44.0760 3940 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe
19:42:44.0807 3940 AFBAgent - ok
19:42:44.0869 3940 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:42:44.0932 3940 AFD - ok
19:42:44.0963 3940 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:42:44.0978 3940 agp440 - ok
19:42:45.0010 3940 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:42:45.0072 3940 ALG - ok
19:42:45.0103 3940 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:42:45.0134 3940 aliide - ok
19:42:45.0166 3940 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:42:45.0197 3940 amdide - ok
19:42:45.0228 3940 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:42:45.0259 3940 AmdK8 - ok
19:42:45.0275 3940 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:42:45.0322 3940 AmdPPM - ok
19:42:45.0353 3940 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:42:45.0368 3940 amdsata - ok
19:42:45.0400 3940 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:42:45.0415 3940 amdsbs - ok
19:42:45.0431 3940 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:42:45.0446 3940 amdxata - ok
19:42:45.0478 3940 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:42:45.0556 3940 AppID - ok
19:42:45.0587 3940 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:42:45.0634 3940 AppIDSvc - ok
19:42:45.0665 3940 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:42:45.0727 3940 Appinfo - ok
19:42:45.0774 3940 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:42:45.0805 3940 arc - ok
19:42:45.0805 3940 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:42:45.0821 3940 arcsas - ok
19:42:45.0883 3940 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:42:45.0914 3940 ASLDRService - ok
19:42:45.0930 3940 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:42:45.0946 3940 ASMMAP64 - ok
19:42:46.0055 3940 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:42:46.0086 3940 aspnet_state - ok
19:42:46.0117 3940 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:42:46.0148 3940 aswFsBlk - ok
19:42:46.0211 3940 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:42:46.0242 3940 aswMonFlt - ok
19:42:46.0273 3940 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:42:46.0304 3940 aswRdr - ok
19:42:46.0367 3940 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:42:46.0414 3940 aswSnx - ok
19:42:46.0460 3940 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:42:46.0492 3940 aswSP - ok
19:42:46.0523 3940 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:42:46.0538 3940 aswTdi - ok
19:42:46.0554 3940 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:42:46.0648 3940 AsyncMac - ok
19:42:46.0694 3940 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:42:46.0726 3940 atapi - ok
19:42:46.0819 3940 [ B4174564AD5834A1680610572477878C ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:42:46.0913 3940 athr - ok
19:42:46.0960 3940 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:42:46.0975 3940 ATKGFNEXSrv - ok
19:42:47.0006 3940 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:42:47.0022 3940 ATKWMIACPIIO - ok
19:42:47.0084 3940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:42:47.0147 3940 AudioEndpointBuilder - ok
19:42:47.0178 3940 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:42:47.0209 3940 AudioSrv - ok
19:42:47.0303 3940 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:42:47.0334 3940 avast! Antivirus - ok
19:42:47.0381 3940 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:42:47.0443 3940 AxInstSV - ok
19:42:47.0506 3940 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:42:47.0537 3940 b06bdrv - ok
19:42:47.0584 3940 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:42:47.0630 3940 b57nd60a - ok
19:42:47.0677 3940 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:42:47.0708 3940 BDESVC - ok
19:42:47.0755 3940 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:42:47.0802 3940 Beep - ok
19:42:47.0864 3940 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:42:47.0958 3940 BFE - ok
19:42:48.0005 3940 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:42:48.0067 3940 BITS - ok
19:42:48.0098 3940 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:42:48.0130 3940 blbdrive - ok
19:42:48.0223 3940 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:42:48.0270 3940 Bonjour Service - ok
19:42:48.0332 3940 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:42:48.0379 3940 bowser - ok
19:42:48.0410 3940 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:42:48.0457 3940 BrFiltLo - ok
19:42:48.0504 3940 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:42:48.0566 3940 BrFiltUp - ok
19:42:48.0629 3940 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:42:48.0691 3940 Browser - ok
19:42:48.0722 3940 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:42:48.0785 3940 Brserid - ok
19:42:48.0800 3940 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:42:48.0847 3940 BrSerWdm - ok
19:42:48.0878 3940 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:42:48.0941 3940 BrUsbMdm - ok
19:42:48.0956 3940 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:42:49.0019 3940 BrUsbSer - ok
19:42:49.0034 3940 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:42:49.0097 3940 BTHMODEM - ok
19:42:49.0144 3940 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:42:49.0222 3940 bthserv - ok
19:42:49.0237 3940 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:42:49.0331 3940 cdfs - ok
19:42:49.0393 3940 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:42:49.0440 3940 cdrom - ok
19:42:49.0487 3940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:42:49.0596 3940 CertPropSvc - ok
19:42:49.0643 3940 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:42:49.0690 3940 circlass - ok
19:42:49.0721 3940 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:42:49.0736 3940 CLFS - ok
19:42:49.0846 3940 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:42:49.0877 3940 clr_optimization_v2.0.50727_32 - ok
19:42:49.0939 3940 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:42:49.0970 3940 clr_optimization_v2.0.50727_64 - ok
19:42:50.0080 3940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:42:50.0111 3940 clr_optimization_v4.0.30319_32 - ok
19:42:50.0142 3940 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:42:50.0173 3940 clr_optimization_v4.0.30319_64 - ok
19:42:50.0189 3940 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:42:50.0204 3940 CmBatt - ok
19:42:50.0251 3940 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:42:50.0282 3940 cmdide - ok
19:42:50.0360 3940 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:42:50.0423 3940 CNG - ok
19:42:50.0454 3940 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:42:50.0501 3940 Compbatt - ok
19:42:50.0548 3940 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:42:50.0610 3940 CompositeBus - ok
19:42:50.0626 3940 COMSysApp - ok
19:42:50.0782 3940 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:42:50.0813 3940 cphs - ok
19:42:50.0891 3940 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:42:50.0938 3940 cpudrv64 - ok
19:42:51.0000 3940 cpuz135 - ok
19:42:51.0031 3940 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:42:51.0062 3940 crcdisk - ok
19:42:51.0109 3940 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:42:51.0187 3940 CryptSvc - ok
19:42:51.0281 3940 [ 958EF96991ABCCFDAC0953C4A24081DC ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
19:42:51.0296 3940 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
19:42:51.0296 3940 DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
19:42:51.0359 3940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:42:51.0437 3940 DcomLaunch - ok
19:42:51.0484 3940 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:42:51.0530 3940 defragsvc - ok
19:42:51.0562 3940 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:42:51.0624 3940 DfsC - ok
19:42:51.0686 3940 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:42:51.0764 3940 Dhcp - ok
19:42:51.0796 3940 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:42:51.0889 3940 discache - ok
19:42:51.0920 3940 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:42:51.0952 3940 Disk - ok
19:42:51.0983 3940 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:42:52.0045 3940 Dnscache - ok
19:42:52.0076 3940 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:42:52.0139 3940 dot3svc - ok
19:42:52.0201 3940 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
19:42:52.0295 3940 Dot4 - ok
19:42:52.0326 3940 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:42:52.0404 3940 Dot4Print - ok
19:42:52.0420 3940 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
19:42:52.0451 3940 dot4usb - ok
19:42:52.0482 3940 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:42:52.0591 3940 DPS - ok
19:42:52.0622 3940 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:42:52.0669 3940 drmkaud - ok
19:42:52.0701 3940 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:42:52.0732 3940 DXGKrnl - ok
19:42:52.0779 3940 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:42:52.0872 3940 EapHost - ok
19:42:53.0153 3940 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:42:53.0278 3940 ebdrv - ok
19:42:53.0309 3940 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:42:53.0340 3940 EFS - ok
19:42:53.0434 3940 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:42:53.0527 3940 ehRecvr - ok
19:42:53.0559 3940 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:42:53.0621 3940 ehSched - ok
19:42:53.0683 3940 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:42:53.0730 3940 elxstor - ok
19:42:53.0761 3940 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:42:53.0808 3940 ErrDev - ok
19:42:53.0839 3940 [ 5B042AA9CEBDAB5B61E747DDCEBFF51B ] ETD C:\Windows\system32\DRIVERS\ETD.sys
19:42:53.0871 3940 ETD - ok
19:42:53.0980 3940 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:42:54.0089 3940 EventSystem - ok
19:42:54.0120 3940 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:42:54.0214 3940 exfat - ok
19:42:54.0229 3940 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:42:54.0307 3940 fastfat - ok
19:42:54.0401 3940 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:42:54.0463 3940 Fax - ok
19:42:54.0510 3940 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:42:54.0557 3940 fdc - ok
19:42:54.0588 3940 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:42:54.0651 3940 fdPHost - ok
19:42:54.0666 3940 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:42:54.0713 3940 FDResPub - ok
19:42:54.0729 3940 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:42:54.0744 3940 FileInfo - ok
19:42:54.0775 3940 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:42:54.0853 3940 Filetrace - ok
19:42:54.0947 3940 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:42:55.0056 3940 FLEXnet Licensing Service 64 - ok
19:42:55.0087 3940 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:42:55.0134 3940 flpydisk - ok
19:42:55.0197 3940 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:42:55.0228 3940 FltMgr - ok
19:42:55.0306 3940 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:42:55.0368 3940 FontCache - ok
19:42:55.0446 3940 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:42:55.0477 3940 FontCache3.0.0.0 - ok
19:42:55.0524 3940 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:42:55.0571 3940 FsDepends - ok
19:42:55.0618 3940 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:42:55.0633 3940 Fs_Rec - ok
19:42:55.0696 3940 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:42:55.0743 3940 fvevol - ok
19:42:55.0774 3940 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:42:55.0789 3940 gagp30kx - ok
19:42:55.0836 3940 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:42:55.0914 3940 gpsvc - ok
19:42:55.0945 3940 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:42:55.0961 3940 hcw85cir - ok
19:42:56.0023 3940 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:42:56.0055 3940 HdAudAddService - ok
19:42:56.0101 3940 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:42:56.0133 3940 HDAudBus - ok
19:42:56.0164 3940 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:42:56.0226 3940 HidBatt - ok
19:42:56.0242 3940 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:42:56.0273 3940 HidBth - ok
19:42:56.0320 3940 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:42:56.0367 3940 HidIr - ok
19:42:56.0413 3940 [ F50215611562EECC1BC83F22DB1EA358 ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
19:42:56.0460 3940 hidkmdf - ok
19:42:56.0491 3940 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:42:56.0554 3940 hidserv - ok
19:42:56.0616 3940 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:42:56.0663 3940 HidUsb - ok
19:42:56.0710 3940 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:42:56.0788 3940 hkmsvc - ok
19:42:56.0819 3940 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:42:56.0881 3940 HomeGroupListener - ok
19:42:56.0913 3940 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:42:56.0959 3940 HomeGroupProvider - ok
19:42:57.0100 3940 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:42:57.0365 3940 hpqcxs08 - ok
19:42:57.0412 3940 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:42:57.0521 3940 hpqddsvc - ok
19:42:57.0583 3940 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:42:57.0615 3940 HpSAMD - ok
19:42:57.0661 3940 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:42:57.0693 3940 HTCAND64 - ok
19:42:57.0739 3940 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
19:42:57.0786 3940 htcnprot - ok
19:42:57.0849 3940 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:42:57.0927 3940 HTTP - ok
19:42:57.0958 3940 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:42:57.0973 3940 hwpolicy - ok
19:42:58.0020 3940 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:42:58.0036 3940 i8042prt - ok
19:42:58.0067 3940 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:42:58.0098 3940 iaStor - ok
19:42:58.0129 3940 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:42:58.0145 3940 iaStorV - ok
19:42:58.0223 3940 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:42:58.0270 3940 idsvc - ok
19:42:59.0221 3940 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:42:59.0611 3940 igfx - ok
19:42:59.0643 3940 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:42:59.0674 3940 iirsp - ok
19:42:59.0721 3940 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:42:59.0814 3940 IKEEXT - ok
19:42:59.0939 3940 [ 3E3926F4FA7C9162C5C3EC6BF1E4F349 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:42:59.0986 3940 IntcAzAudAddService - ok
19:43:00.0033 3940 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:43:00.0064 3940 IntcDAud - ok
19:43:00.0095 3940 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:43:00.0111 3940 intelide - ok
19:43:00.0142 3940 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:43:00.0220 3940 intelppm - ok
19:43:00.0251 3940 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:43:00.0345 3940 IPBusEnum - ok
19:43:00.0376 3940 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:43:00.0423 3940 IpFilterDriver - ok
19:43:00.0469 3940 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:43:00.0516 3940 iphlpsvc - ok
19:43:00.0547 3940 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:43:00.0594 3940 IPMIDRV - ok
19:43:00.0625 3940 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:43:00.0688 3940 IPNAT - ok
19:43:00.0719 3940 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:43:00.0766 3940 IRENUM - ok
19:43:00.0797 3940 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:43:00.0828 3940 isapnp - ok
19:43:00.0844 3940 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:43:00.0891 3940 iScsiPrt - ok
19:43:00.0906 3940 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:43:00.0922 3940 kbdclass - ok
19:43:00.0969 3940 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:43:01.0031 3940 kbdhid - ok
19:43:01.0047 3940 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
19:43:01.0062 3940 kbfiltr - ok
19:43:01.0093 3940 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:43:01.0125 3940 KeyIso - ok
19:43:01.0187 3940 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:43:01.0218 3940 KSecDD - ok
19:43:01.0249 3940 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:43:01.0265 3940 KSecPkg - ok
19:43:01.0296 3940 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:43:01.0374 3940 ksthunk - ok
19:43:01.0390 3940 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:43:01.0468 3940 KtmRm - ok
19:43:01.0530 3940 [ 1107DD2B04A2C73CCBB614C12C70B775 ] L6UX2 C:\Windows\system32\Drivers\L6UX264.sys
19:43:01.0608 3940 L6UX2 - ok
19:43:01.0671 3940 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:43:01.0749 3940 LanmanServer - ok
19:43:01.0811 3940 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:43:01.0873 3940 LanmanWorkstation - ok
19:43:01.0905 3940 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:43:01.0967 3940 lltdio - ok
19:43:01.0998 3940 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:43:02.0061 3940 lltdsvc - ok
19:43:02.0076 3940 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:43:02.0139 3940 lmhosts - ok
19:43:02.0217 3940 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:43:02.0248 3940 LSI_FC - ok
19:43:02.0263 3940 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:02.0279 3940 LSI_SAS - ok
19:43:02.0279 3940 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:02.0295 3940 LSI_SAS2 - ok
19:43:02.0295 3940 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:02.0310 3940 LSI_SCSI - ok
19:43:02.0341 3940 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:43:02.0373 3940 luafv - ok
19:43:02.0419 3940 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:43:02.0482 3940 Mcx2Svc - ok
19:43:02.0529 3940 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:43:02.0560 3940 megasas - ok
19:43:02.0607 3940 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:02.0638 3940 MegaSR - ok
19:43:02.0669 3940 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:43:02.0669 3940 MEIx64 - ok
19:43:02.0825 3940 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_64 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
19:43:02.0841 3940 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - warning
19:43:02.0841 3940 mi-raysat_3dsmax2012_64 - detected UnsignedFile.Multi.Generic (1)
19:43:02.0872 3940 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:43:02.0950 3940 MMCSS - ok
19:43:02.0981 3940 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:43:03.0028 3940 Modem - ok
19:43:03.0043 3940 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:43:03.0090 3940 monitor - ok
19:43:03.0153 3940 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:43:03.0168 3940 mouclass - ok
19:43:03.0199 3940 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:43:03.0215 3940 mouhid - ok
19:43:03.0262 3940 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:43:03.0293 3940 mountmgr - ok
19:43:03.0402 3940 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:43:03.0433 3940 MozillaMaintenance - ok
19:43:03.0480 3940 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:43:03.0511 3940 MpFilter - ok
19:43:03.0543 3940 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:43:03.0543 3940 mpio - ok
19:43:03.0574 3940 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:43:03.0636 3940 mpsdrv - ok
19:43:03.0667 3940 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:43:03.0730 3940 MpsSvc - ok
19:43:03.0761 3940 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:43:03.0823 3940 MRxDAV - ok
19:43:03.0870 3940 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:03.0933 3940 mrxsmb - ok
19:43:03.0948 3940 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:03.0995 3940 mrxsmb10 - ok
19:43:04.0026 3940 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:04.0104 3940 mrxsmb20 - ok
19:43:04.0135 3940 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:43:04.0151 3940 msahci - ok
19:43:04.0213 3940 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:43:04.0245 3940 msdsm - ok
19:43:04.0276 3940 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:43:04.0307 3940 MSDTC - ok
19:43:04.0338 3940 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:43:04.0385 3940 Msfs - ok
19:43:04.0401 3940 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:43:04.0463 3940 mshidkmdf - ok
19:43:04.0494 3940 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:43:04.0494 3940 msisadrv - ok
19:43:04.0541 3940 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:43:04.0603 3940 MSiSCSI - ok
19:43:04.0619 3940 msiserver - ok
19:43:04.0650 3940 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:43:04.0681 3940 MSKSSRV - ok
19:43:04.0728 3940 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:43:04.0744 3940 MsMpSvc - ok
19:43:04.0775 3940 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:04.0806 3940 MSPCLOCK - ok
19:43:04.0806 3940 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:43:04.0837 3940 MSPQM - ok
19:43:04.0900 3940 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:43:04.0962 3940 MsRPC - ok
19:43:04.0993 3940 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:43:05.0025 3940 mssmbios - ok
19:43:05.0056 3940 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:43:05.0134 3940 MSTEE - ok
19:43:05.0181 3940 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:05.0243 3940 MTConfig - ok
19:43:05.0259 3940 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:43:05.0274 3940 Mup - ok
19:43:05.0337 3940 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:43:05.0415 3940 napagent - ok
19:43:05.0461 3940 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:43:05.0555 3940 NativeWifiP - ok
19:43:05.0586 3940 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:43:05.0649 3940 NDIS - ok
19:43:05.0680 3940 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:05.0773 3940 NdisCap - ok
19:43:05.0789 3940 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:05.0867 3940 NdisTapi - ok
19:43:05.0914 3940 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:05.0992 3940 Ndisuio - ok
19:43:06.0039 3940 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:06.0101 3940 NdisWan - ok
19:43:06.0132 3940 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:43:06.0179 3940 NDProxy - ok
19:43:06.0226 3940 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:43:06.0288 3940 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:43:06.0288 3940 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:43:06.0319 3940 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:43:06.0397 3940 NetBIOS - ok
19:43:06.0429 3940 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:43:06.0475 3940 NetBT - ok
19:43:06.0491 3940 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:43:06.0507 3940 Netlogon - ok
19:43:06.0522 3940 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:43:06.0585 3940 Netman - ok
19:43:06.0647 3940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:06.0678 3940 NetMsmqActivator - ok
19:43:06.0678 3940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:06.0694 3940 NetPipeActivator - ok
19:43:06.0709 3940 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:43:06.0756 3940 netprofm - ok
19:43:06.0756 3940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:06.0772 3940 NetTcpActivator - ok
19:43:06.0772 3940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:06.0787 3940 NetTcpPortSharing - ok
19:43:06.0819 3940 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:06.0834 3940 nfrd960 - ok
19:43:06.0912 3940 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:43:06.0943 3940 NisDrv - ok
19:43:06.0975 3940 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
19:43:07.0006 3940 NisSrv - ok
19:43:07.0037 3940 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:43:07.0068 3940 NlaSvc - ok
19:43:07.0084 3940 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:43:07.0131 3940 Npfs - ok
19:43:07.0177 3940 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:43:07.0209 3940 nsi - ok
19:43:07.0224 3940 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:43:07.0271 3940 nsiproxy - ok
19:43:07.0318 3940 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:43:07.0349 3940 Ntfs - ok
19:43:07.0380 3940 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:43:07.0411 3940 Null - ok
19:43:08.0067 3940 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:43:08.0238 3940 nvlddmkm - ok
19:43:08.0301 3940 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
19:43:08.0332 3940 nvpciflt - ok
19:43:08.0363 3940 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:43:08.0394 3940 nvraid - ok
19:43:08.0410 3940 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:43:08.0441 3940 nvstor - ok
19:43:08.0472 3940 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
19:43:08.0519 3940 NVSvc - ok
19:43:08.0613 3940 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:43:08.0691 3940 nvUpdatusService - ok
19:43:08.0722 3940 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:43:08.0737 3940 nv_agp - ok
19:43:08.0769 3940 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:43:08.0784 3940 ohci1394 - ok
19:43:08.0909 3940 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:43:08.0940 3940 ose - ok
19:43:09.0221 3940 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:43:09.0408 3940 osppsvc - ok
19:43:09.0455 3940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:43:09.0486 3940 p2pimsvc - ok
19:43:09.0533 3940 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:43:09.0595 3940 p2psvc - ok
19:43:09.0642 3940 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:43:09.0673 3940 Parport - ok
19:43:09.0720 3940 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:43:09.0767 3940 partmgr - ok
19:43:09.0829 3940 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
19:43:09.0845 3940 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
19:43:09.0845 3940 PassThru Service - detected UnsignedFile.Multi.Generic (1)
19:43:09.0907 3940 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:43:10.0001 3940 PcaSvc - ok
19:43:10.0017 3940 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:43:10.0063 3940 pci - ok
19:43:10.0079 3940 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:43:10.0079 3940 pciide - ok
19:43:10.0110 3940 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:43:10.0126 3940 pcmcia - ok
19:43:10.0173 3940 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:43:10.0188 3940 pcw - ok
19:43:10.0204 3940 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:43:10.0282 3940 PEAUTH - ok
19:43:10.0422 3940 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:43:10.0485 3940 PerfHost - ok
19:43:10.0594 3940 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:43:10.0703 3940 pla - ok
19:43:10.0765 3940 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:43:10.0828 3940 PlugPlay - ok
19:43:10.0875 3940 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:43:10.0890 3940 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:43:10.0890 3940 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:43:10.0937 3940 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:43:10.0999 3940 PNRPAutoReg - ok
19:43:11.0031 3940 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:43:11.0062 3940 PNRPsvc - ok
19:43:11.0109 3940 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:43:11.0233 3940 PolicyAgent - ok
19:43:11.0265 3940 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:43:11.0327 3940 Power - ok
19:43:11.0405 3940 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:43:11.0499 3940 PptpMiniport - ok
19:43:11.0530 3940 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:43:11.0577 3940 Processor - ok
19:43:11.0623 3940 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:43:11.0686 3940 ProfSvc - ok
19:43:11.0717 3940 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:43:11.0748 3940 ProtectedStorage - ok
19:43:11.0795 3940 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:43:11.0889 3940 Psched - ok
19:43:11.0951 3940 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:43:12.0013 3940 ql2300 - ok
19:43:12.0060 3940 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:43:12.0091 3940 ql40xx - ok
19:43:12.0154 3940 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:43:12.0201 3940 QWAVE - ok
19:43:12.0247 3940 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:43:12.0294 3940 QWAVEdrv - ok
19:43:12.0310 3940 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:43:12.0357 3940 RasAcd - ok
19:43:12.0388 3940 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:43:12.0481 3940 RasAgileVpn - ok
19:43:12.0497 3940 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:43:12.0575 3940 RasAuto - ok
19:43:12.0622 3940 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:43:12.0684 3940 Rasl2tp - ok
19:43:12.0715 3940 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:43:12.0747 3940 RasMan - ok
19:43:12.0778 3940 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:43:12.0825 3940 RasPppoe - ok
19:43:12.0887 3940 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:43:12.0981 3940 RasSstp - ok
19:43:13.0012 3940 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:43:13.0059 3940 rdbss - ok
19:43:13.0074 3940 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:43:13.0137 3940 rdpbus - ok
19:43:13.0168 3940 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:43:13.0215 3940 RDPCDD - ok
19:43:13.0246 3940 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:43:13.0293 3940 RDPENCDD - ok
19:43:13.0308 3940 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:43:13.0371 3940 RDPREFMP - ok
19:43:13.0417 3940 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:43:13.0449 3940 RDPWD - ok
19:43:13.0480 3940 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:43:13.0511 3940 rdyboost - ok
19:43:13.0558 3940 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:43:13.0605 3940 RemoteAccess - ok
19:43:13.0636 3940 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:43:13.0683 3940 RemoteRegistry - ok
19:43:13.0698 3940 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:43:13.0729 3940 RpcEptMapper - ok
19:43:13.0745 3940 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:43:13.0761 3940 RpcLocator - ok
19:43:13.0807 3940 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe
19:43:13.0823 3940 rpcnet - ok
19:43:13.0870 3940 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:43:13.0932 3940 RpcSs - ok
19:43:13.0979 3940 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:43:14.0026 3940 rspndr - ok
19:43:14.0057 3940 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
19:43:14.0088 3940 RSUSBVSTOR - ok
19:43:14.0135 3940 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:43:14.0151 3940 RTL8167 - ok
19:43:14.0166 3940 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:43:14.0182 3940 SamSs - ok
19:43:14.0213 3940 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:43:14.0229 3940 sbp2port - ok
19:43:14.0275 3940 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:43:14.0353 3940 SCardSvr - ok
19:43:14.0385 3940 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:43:14.0463 3940 scfilter - ok
19:43:14.0509 3940 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:43:14.0556 3940 Schedule - ok
19:43:14.0587 3940 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:43:14.0619 3940 SCPolicySvc - ok
19:43:14.0681 3940 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:43:14.0728 3940 SDRSVC - ok
19:43:14.0759 3940 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:43:14.0837 3940 secdrv - ok
19:43:14.0868 3940 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:43:14.0931 3940 seclogon - ok
19:43:14.0946 3940 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:43:14.0993 3940 SENS - ok
19:43:15.0024 3940 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:43:15.0040 3940 SensrSvc - ok
19:43:15.0071 3940 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:43:15.0102 3940 Serenum - ok
19:43:15.0118 3940 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:43:15.0149 3940 Serial - ok
19:43:15.0227 3940 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:43:15.0274 3940 sermouse - ok
19:43:15.0321 3940 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:43:15.0414 3940 SessionEnv - ok
19:43:15.0445 3940 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:43:15.0492 3940 sffdisk - ok
19:43:15.0523 3940 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:43:15.0586 3940 sffp_mmc - ok
19:43:15.0586 3940 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:43:15.0617 3940 sffp_sd - ok
19:43:15.0664 3940 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:43:15.0711 3940 sfloppy - ok
19:43:15.0757 3940 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:43:15.0820 3940 SharedAccess - ok
19:43:15.0851 3940 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:43:15.0898 3940 ShellHWDetection - ok
19:43:15.0945 3940 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
19:43:15.0991 3940 SiSGbeLH - ok
19:43:16.0007 3940 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:43:16.0023 3940 SiSRaid2 - ok
19:43:16.0023 3940 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:43:16.0038 3940 SiSRaid4 - ok
19:43:16.0553 3940 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:43:16.0600 3940 Skype C2C Service - ok
19:43:16.0678 3940 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:43:16.0709 3940 SkypeUpdate - ok
19:43:16.0725 3940 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:43:16.0771 3940 Smb - ok
19:43:16.0803 3940 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:43:16.0865 3940 SNMPTRAP - ok
19:43:17.0021 3940 [ C98375D19F9E9966F6201BAE65FB3728 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
19:43:17.0146 3940 SNP2UVC - ok
19:43:17.0177 3940 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:43:17.0193 3940 spldr - ok
19:43:17.0271 3940 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:43:17.0349 3940 Spooler - ok
19:43:17.0676 3940 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:43:17.0817 3940 sppsvc - ok
19:43:17.0848 3940 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:43:17.0895 3940 sppuinotify - ok
19:43:17.0941 3940 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:43:18.0004 3940 srv - ok
19:43:18.0129 3940 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:43:18.0222 3940 srv2 - ok
19:43:18.0269 3940 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:43:18.0316 3940 srvnet - ok
19:43:18.0347 3940 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:43:18.0409 3940 SSDPSRV - ok
19:43:18.0441 3940 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:43:18.0472 3940 SstpSvc - ok
19:43:18.0503 3940 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:43:18.0519 3940 stexstor - ok
19:43:18.0581 3940 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:43:18.0675 3940 stisvc - ok
19:43:18.0737 3940 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:43:18.0768 3940 swenum - ok
19:43:18.0831 3940 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:43:18.0924 3940 swprv - ok
19:43:19.0065 3940 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:43:19.0205 3940 SysMain - ok
19:43:19.0221 3940 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:43:19.0267 3940 TabletInputService - ok
19:43:20.0250 3940 [ AD3EE30660A27DDBC701E90041D8E62B ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
19:43:20.0359 3940 TabletServiceWacom - ok
19:43:20.0406 3940 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:43:20.0500 3940 TapiSrv - ok
19:43:20.0515 3940 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:43:20.0562 3940 TBS - ok
19:43:20.0718 3940 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:43:20.0812 3940 Tcpip - ok
19:43:20.0952 3940 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:43:21.0015 3940 TCPIP6 - ok
19:43:21.0046 3940 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:43:21.0093 3940 tcpipreg - ok
19:43:21.0171 3940 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:43:21.0217 3940 TDPIPE - ok
19:43:21.0249 3940 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:43:21.0311 3940 TDTCP - ok
19:43:21.0342 3940 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:43:21.0405 3940 tdx - ok
19:43:21.0436 3940 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:43:21.0451 3940 TermDD - ok
19:43:21.0545 3940 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:43:21.0623 3940 TermService - ok
19:43:21.0670 3940 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:43:21.0732 3940 Themes - ok
19:43:21.0763 3940 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:43:21.0810 3940 THREADORDER - ok
19:43:21.0873 3940 [ B39AB8DDEEC289240937BF566505A3D1 ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
19:43:21.0919 3940 TouchServiceWacom - ok
19:43:21.0951 3940 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:43:22.0029 3940 TrkWks - ok
19:43:22.0091 3940 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:43:22.0185 3940 TrustedInstaller - ok
19:43:22.0216 3940 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:43:22.0294 3940 tssecsrv - ok
19:43:22.0341 3940 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:43:22.0387 3940 TsUsbFlt - ok
19:43:22.0434 3940 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:43:22.0528 3940 tunnel - ok
19:43:22.0575 3940 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:43:22.0606 3940 TurboB - ok
19:43:22.0653 3940 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:43:22.0668 3940 TurboBoost - ok
19:43:22.0684 3940 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:43:22.0715 3940 uagp35 - ok
19:43:22.0777 3940 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:43:22.0871 3940 udfs - ok
19:43:22.0918 3940 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:43:22.0933 3940 UI0Detect - ok
19:43:22.0965 3940 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:43:22.0996 3940 uliagpkx - ok
19:43:23.0027 3940 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:43:23.0089 3940 umbus - ok
19:43:23.0121 3940 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:43:23.0183 3940 UmPass - ok
19:43:23.0214 3940 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:43:23.0261 3940 upnphost - ok
19:43:23.0308 3940 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:43:23.0355 3940 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:43:23.0355 3940 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:43:23.0386 3940 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:43:23.0433 3940 usbccgp - ok
19:43:23.0479 3940 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:43:23.0542 3940 usbcir - ok
19:43:23.0557 3940 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:43:23.0589 3940 usbehci - ok
19:43:23.0604 3940 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:43:23.0635 3940 usbhub - ok
19:43:23.0667 3940 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:43:23.0729 3940 usbohci - ok
19:43:23.0745 3940 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:43:23.0807 3940 usbprint - ok
19:43:23.0854 3940 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:43:23.0885 3940 usbscan - ok
19:43:23.0916 3940 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:43:23.0979 3940 USBSTOR - ok
19:43:24.0010 3940 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:43:24.0057 3940 usbuhci - ok
19:43:24.0103 3940 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:43:24.0166 3940 usbvideo - ok
19:43:24.0181 3940 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:43:24.0291 3940 UxSms - ok
19:43:24.0306 3940 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:43:24.0306 3940 VaultSvc - ok
19:43:24.0353 3940 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:43:24.0384 3940 vdrvroot - ok
19:43:24.0431 3940 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:43:24.0525 3940 vds - ok
19:43:24.0571 3940 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:43:24.0587 3940 vga - ok
19:43:24.0587 3940 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:43:24.0634 3940 VgaSave - ok
19:43:24.0665 3940 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:43:24.0712 3940 vhdmp - ok
19:43:24.0743 3940 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:43:24.0774 3940 viaide - ok
19:43:24.0790 3940 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:43:24.0805 3940 volmgr - ok
19:43:24.0868 3940 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:43:24.0915 3940 volmgrx - ok
19:43:24.0946 3940 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:43:24.0961 3940 volsnap - ok
19:43:24.0993 3940 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:43:25.0008 3940 vsmraid - ok
19:43:25.0117 3940 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:43:25.0305 3940 VSS - ok
19:43:25.0320 3940 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:43:25.0351 3940 vwifibus - ok
19:43:25.0351 3940 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:43:25.0398 3940 vwififlt - ok
19:43:25.0414 3940 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:43:25.0476 3940 W32Time - ok
19:43:25.0523 3940 [ 68C7FBAADE25F6DE28EC31B0424CC78B ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys
19:43:25.0539 3940 WacHidRouter - ok
19:43:25.0585 3940 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
19:43:25.0617 3940 wacmoumonitor - ok
19:43:25.0648 3940 wacommousefilter - ok
19:43:25.0663 3940 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:43:25.0710 3940 WacomPen - ok
19:43:25.0757 3940 [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
19:43:25.0804 3940 wacomrouterfilter - ok
19:43:25.0835 3940 wacomvhid - ok
19:43:25.0882 3940 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:43:25.0960 3940 WANARP - ok
19:43:26.0007 3940 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:43:26.0053 3940 Wanarpv6 - ok
19:43:26.0209 3940 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:43:26.0319 3940 wbengine - ok
19:43:26.0350 3940 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:43:26.0381 3940 WbioSrvc - ok
19:43:26.0412 3940 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:43:26.0459 3940 wcncsvc - ok
19:43:26.0490 3940 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:43:26.0537 3940 WcsPlugInService - ok
19:43:26.0568 3940 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:43:26.0599 3940 Wd - ok
19:43:26.0646 3940 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:43:26.0693 3940 Wdf01000 - ok
19:43:26.0709 3940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:43:26.0740 3940 WdiServiceHost - ok
19:43:26.0740 3940 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:43:26.0755 3940 WdiSystemHost - ok
19:43:26.0802 3940 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:43:26.0865 3940 WebClient - ok
19:43:26.0896 3940 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:43:26.0974 3940 Wecsvc - ok
19:43:27.0005 3940 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:43:27.0067 3940 wercplsupport - ok
19:43:27.0099 3940 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:43:27.0161 3940 WerSvc - ok
19:43:27.0192 3940 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:27.0239 3940 WfpLwf - ok
19:43:27.0270 3940 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:43:27.0301 3940 WimFltr - ok
19:43:27.0333 3940 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:43:27.0348 3940 WIMMount - ok
19:43:27.0364 3940 WinDefend - ok
19:43:27.0379 3940 WinHttpAutoProxySvc - ok
19:43:27.0426 3940 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:43:27.0551 3940 Winmgmt - ok
19:43:27.0613 3940 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:43:27.0738 3940 WinRM - ok
19:43:27.0785 3940 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:43:27.0832 3940 WinUsb - ok
19:43:27.0879 3940 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:43:27.0925 3940 Wlansvc - ok
19:43:27.0972 3940 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:43:28.0019 3940 WmiAcpi - ok
19:43:28.0050 3940 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:43:28.0081 3940 wmiApSrv - ok
19:43:28.0097 3940 WMPNetworkSvc - ok
19:43:28.0128 3940 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:43:28.0144 3940 WPCSvc - ok
19:43:28.0206 3940 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:43:28.0253 3940 WPDBusEnum - ok
19:43:28.0269 3940 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:43:28.0362 3940 ws2ifsl - ok
19:43:28.0378 3940 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:43:28.0425 3940 wscsvc - ok
19:43:28.0425 3940 WSearch - ok
19:43:28.0503 3940 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:43:28.0627 3940 wuauserv - ok
19:43:28.0659 3940 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:43:28.0705 3940 WudfPf - ok
19:43:28.0768 3940 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:28.0815 3940 WUDFRd - ok
19:43:28.0846 3940 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:43:28.0908 3940 wudfsvc - ok
19:43:28.0955 3940 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:43:29.0033 3940 WwanSvc - ok
19:43:29.0064 3940 ================ Scan global ===============================
19:43:29.0080 3940 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:43:29.0111 3940 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:43:29.0142 3940 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:43:29.0189 3940 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:43:29.0220 3940 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:43:29.0236 3940 [Global] - ok
19:43:29.0236 3940 ================ Scan MBR ==================================
19:43:29.0251 3940 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:43:31.0326 3940 \Device\Harddisk0\DR0 - ok
19:43:31.0326 3940 ================ Scan VBR ==================================
19:43:31.0357 3940 [ 6AF208E8693D8EC027FF04352CAC9FB2 ] \Device\Harddisk0\DR0\Partition1
19:43:31.0373 3940 \Device\Harddisk0\DR0\Partition1 - ok
19:43:31.0404 3940 [ 6F8499AE5D79A8D251EF49B7328037C8 ] \Device\Harddisk0\DR0\Partition2
19:43:31.0435 3940 \Device\Harddisk0\DR0\Partition2 - ok
19:43:31.0435 3940 ============================================================
19:43:31.0435 3940 Scan finished
19:43:31.0435 3940 ============================================================
19:43:31.0451 5236 Detected object count: 6
19:43:31.0451 5236 Actual detected object count: 6
19:43:51.0731 5236 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0731 5236 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:43:51.0731 5236 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0731 5236 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:43:51.0731 5236 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0731 5236 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:43:51.0747 5236 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0747 5236 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:43:51.0747 5236 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0747 5236 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:43:51.0747 5236 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:43:51.0747 5236 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
16.12.2012, 19:46
| #8 | |
| /// Malware-holic | Zeus Virus Infektion Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 19:57
| #9 |
| | Zeus Virus Infektion die frage erscheint jetzt vllt etwas dämlich, aber: wie schalte ich die Antivirenprogramme aus? habe avast! drauf - finde da aber keine einfache möglichkeit das teil abzuschalten^^° |
|
16.12.2012, 19:59
| #10 |
| /// Malware-holic | Zeus Virus Infektion Versuchs mal über rechtsklick auf das Symbol im infobereich, meist gibts da ne beenden oder deaktivieren funktion.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 19:59
| #11 |
| | Zeus Virus Infektion ok - danke!  |
|
16.12.2012, 20:03
| #12 |
| /// Malware-holic | Zeus Virus Infektion Dafür nicht :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 20:21
| #13 |
| | Zeus Virus Infektion so - hier die combofix.log: Code:
ATTFilter ComboFix 12-12-14.01 - ASUS 16.12.2012 20:07:48.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.3611 [GMT 1:00]
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-16 bis 2012-12-16 ))))))))))))))))))))))))))))))
.
.
2012-12-16 19:12 . 2012-12-16 19:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-16 19:12 . 2012-12-16 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 19:09 . 2012-12-16 19:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F980310-66EE-4C61-932B-A2ACFB451E21}\offreg.dll
2012-12-14 15:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F980310-66EE-4C61-932B-A2ACFB451E21}\mpengine.dll
2012-12-12 09:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 09:21 . 2012-10-04 17:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-23 16:54 . 2012-11-23 16:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 18:35 . 2011-04-01 17:09 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-12-16 18:35 . 2011-11-10 19:51 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-12-12 13:08 . 2011-12-27 19:09 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 22:38 . 2012-04-04 07:40 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 22:38 . 2011-12-03 09:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 15:52 . 2011-11-10 19:51 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-10-30 22:51 . 2012-08-13 20:11 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-13 20:11 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-08-13 20:11 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-08-13 20:11 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-13 20:12 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-08-13 20:11 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-08-13 20:11 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-08-13 20:11 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-28 17:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-08-13 20:11 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 18:17 . 2012-11-16 01:30 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-16 01:30 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 01:30 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 01:30 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-04 16:40 . 2012-12-12 09:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 01:30 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 01:30 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 01:30 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 01:30 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 01:30 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 01:30 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 01:30 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 01:30 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 01:30 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 01:30 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 01:30 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 22:21 . 2012-10-10 20:51 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-10 20:51 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-10 20:51 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-10 20:51 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-10-10 20:51 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-10 20:51 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-10-10 20:51 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-10-10 20:51 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-10-10 20:51 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-10-10 20:51 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2012-10-10 20:51 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-10 20:51 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-10 20:51 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-10 20:51 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-10 20:51 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-10-10 20:51 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-10-10 20:51 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-02 22:21 . 2012-10-10 20:51 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-02 22:21 . 2012-10-10 20:51 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-10 20:51 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-03-29 17:38 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-03-29 17:38 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-04-01 18:02 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2011-04-01 18:02 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2011-04-01 18:02 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2011-04-01 18:02 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 19:51 . 2011-01-29 00:34 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-01-29 00:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-29 00:34 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-01-29 00:34 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-01-29 00:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-29 00:34 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2011-01-29 00:34 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-01-29 00:34 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2011-01-29 00:34 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-25 22:47 . 2012-11-16 01:29 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 01:29 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-4-1 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 cpuz135;cpuz135;c:\users\ASUS\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-26 1432400]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-05-30 13688]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [2011-11-30 772096]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-05-30 66424]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-07 15736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-05-30 8712096]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-05-30 567712]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 02390848
*Deregistered* - 02390848
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-01 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\g23tt07x.default-1351463003410\
FF - ExtSQL: 2012-10-25 14:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-28 20:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-28 23:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\g23tt07x.default-1351463003410\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2012-09-02 13:32; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-UnityWebPlayer - c:\users\ASUS\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-16 20:15:33
ComboFix-quarantined-files.txt 2012-12-16 19:15
.
Vor Suchlauf: 10 Verzeichnis(se), 70.387.834.880 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 70.255.595.520 Bytes frei
.
- - End Of File - - E416646475BF5862283B016E9B60A9AB
|
|
16.12.2012, 20:24
| #14 |
| /// Malware-holic | Zeus Virus Infektion Hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 21:50
| #15 |
| | Zeus Virus Infektion sooo...jetzt ist der scan fertig!^^ hier die log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.16.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ASUS :: ASUS-PC [Administrator] 16.12.2012 20:29:35 mbam-log-2012-12-16 (20-29-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 557757 Laufzeit: 1 Stunde(n), 18 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu Zeus Virus Infektion |
| ausfallen, avast, center, download, dringend, e-mail, ebay, festgestellt, folge, frage, gesperrt, gewinnen, infiziert, infizierte, initiative, laptop, leitet, löschen, microsoft, neu, passwort, problem, scan, security, sicherheit, sicherheitsexperten, virus, ändern |
