Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Snap.Do Trojaner! Wie entferne ich Snap.Do?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.03.2013, 08:14   #1
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



Hey,

in letzter zeit wurde mein Chrom Browser immer wieder von einem Program/trojaner namens Snap.do übernommen. Ich habe danach gegoogelt und habe rausgefunden das es wohl ein Trojaner ist, jedoch weiß ich nicht wie ich es los werde, denn es kommt immer wieder. Deswegen brauche ich eure Hilfe trojaner Board Team.

Ich habe ein Quick scan mit Malwarebytes durchgeführt.

Hier der Log

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ASUS :: ASUS-PC [Administrator]

Schutz: Aktiviert

07.03.2013 08:07:10
mbam-log-2013-03-07 (08-07-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234491
Laufzeit: 2 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 07.03.2013, 10:34   #2
markusg
/// Malware-holic
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



hi
warum hat dieses windows keine Updates gesehen? kein Sp1.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 08.03.2013, 14:23   #3
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



hab es neu geupdatet. Also hab jetzt sp.1


wie kann ich die logs in so einen kleinen Kästchen hinzufügen ??
sonst würden die viel zu viel platz weg nehmen.
__________________

Alt 08.03.2013, 19:19   #4
markusg
/// Malware-holic
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



logs einfach reinkopieren
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.03.2013, 13:10   #5
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



ok hier OTL logOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.03.2013 14:01:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,90 Gb Available Physical Memory | 65,95% Memory free
11,83 Gb Paging File | 9,71 Gb Available in Paging File | 82,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 81,46 Gb Free Space | 54,65% Space Free | Partition Type: NTFS
Drive D: | 434,08 Gb Total Space | 433,98 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 1,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ASUS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\ASUS\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\ASUS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll ()
MOD - C:\Users\ASUS\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (USBTINSP) -- C:\Windows\SysNative\drivers\tinspusb.sys (Texas Instruments)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 8D D3 89 1B FF CD 01  [binary data]
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.03.05 22:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Search
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Avira Toolbar = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0\
CHR - Extension: Snap.Do  = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Drive = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Movie2kDownloader = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Google Mail = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001..\Run: [Akamai NetSession Interface] C:\Users\ASUS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001..\Run: [Browser Infrastructure Helper] C:\Users\ASUS\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001..\Run: [DAEMON Tools Lite] C:\Users\ASUS\Desktop\Ahmet\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001..\Run: [GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1622653762-2734915653-602354260-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1622653762-2734915653-602354260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66907D74-EE07-4133-8A0C-35929056ADA2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.07 08:25:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.07 08:21:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.07 08:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.07 08:03:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2013.03.07 08:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.07 08:03:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.07 08:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.07 08:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.06 07:17:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.05 22:16:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.05 22:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.03.05 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2013.03.05 22:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.03.05 22:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.05 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mozilla
[2013.03.05 22:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.03.05 22:08:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.03.05 22:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.02.21 11:49:58 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Autodesk
[2013.02.21 11:49:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Autodesk
[2013.02.21 11:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013.02.21 11:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.02.21 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013.02.21 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013.02.21 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Akamai
[2013.02.21 11:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2013.02.20 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\SWTOR
[2013.02.20 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\HeroBlade Logs
[2013.02.20 10:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2013.02.20 10:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.02.10 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Smartbar
[2013.02.09 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.09 13:45:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
[2013.02.09 13:43:17 | 000,000,000 | ---D | C] -- C:\Games
[2013.02.09 13:37:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\TuneUp Software
[2013.02.09 13:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.09 13:37:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.09 13:37:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.09 13:37:21 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.09 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
[2013.02.09 13:37:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\OpenCandy
[2013.02.09 13:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.02.09 13:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2013.02.09 13:23:22 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Programs
[2013.02.09 12:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2013.02.09 12:38:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Azureus Downloads
[2013.02.09 12:38:06 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Azureus
[2013.02.09 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2013.02.09 12:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 14:04:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 14:04:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 13:53:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 13:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 13:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 10:15:37 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.03.08 10:15:28 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 10:15:09 | 467,775,487 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 12:16:04 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.07 12:16:04 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.07 12:16:04 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.07 12:16:04 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.07 12:16:04 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 12:09:27 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.07 08:17:10 | 000,001,214 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.03.07 08:03:06 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.06 14:41:16 | 000,023,447 | ---- | M] () -- C:\Users\ASUS\Desktop\Konferenzwoche.odt
[2013.03.05 22:16:36 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.23 09:53:42 | 001,620,410 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.21 11:48:49 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013.02.21 11:45:50 | 000,002,056 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.20 10:54:53 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2013.02.12 21:48:37 | 000,009,725 | ---- | M] () -- C:\Users\ASUS\.TransferManager.db
[2013.02.09 13:45:44 | 000,001,143 | ---- | M] () -- C:\Users\ASUS\Desktop\Frozen Throne.lnk
[2013.02.09 13:45:44 | 000,001,138 | ---- | M] () -- C:\Users\ASUS\Desktop\Warcraft III.lnk
[2013.02.09 13:37:29 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.02.09 13:37:21 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.07 08:03:06 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.07 07:55:08 | 000,002,565 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.03.06 11:36:56 | 000,023,447 | ---- | C] () -- C:\Users\ASUS\Desktop\Konferenzwoche.odt
[2013.03.05 22:09:49 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.05 22:09:26 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.21 11:48:49 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013.02.21 11:41:51 | 001,620,410 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.20 10:54:53 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2013.02.12 21:48:37 | 000,009,725 | ---- | C] () -- C:\Users\ASUS\.TransferManager.db
[2013.02.09 13:45:44 | 000,001,143 | ---- | C] () -- C:\Users\ASUS\Desktop\Frozen Throne.lnk
[2013.02.09 13:45:44 | 000,001,138 | ---- | C] () -- C:\Users\ASUS\Desktop\Warcraft III.lnk
[2013.02.09 13:37:29 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.05.31 01:38:22 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.05.31 01:38:19 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.05.31 01:38:19 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.05.31 01:30:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 00:20:23 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 00:20:21 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 00:20:19 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.21 11:49:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Autodesk
[2013.02.10 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Azureus
[2013.02.09 13:41:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
[2013.03.08 10:16:31 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Dropbox
[2013.01.01 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DVDVideoSoft
[2013.01.01 15:01:25 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.09 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenCandy
[2013.01.22 12:29:52 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenOffice.org
[2013.02.09 13:37:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.27 10:34:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.03.08 10:16:21 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2013.03.07 12:07:31 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.03.07 08:16:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.31 01:39:47 | 000,000,000 | ---D | M] -- C:\eSupport
[2013.02.20 10:54:52 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.31 01:31:54 | 000,000,000 | ---D | M] -- C:\Intel
[2011.05.31 01:35:22 | 000,000,000 | ---D | M] -- C:\NvidiaLogs
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.04 11:23:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.07 08:05:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.07 08:03:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.11.27 10:33:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.03.08 14:04:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.02 10:21:25 | 000,000,000 | ---D | M] -- C:\temp
[2013.02.20 10:54:30 | 000,000,000 | R--D | M] -- C:\Users
[2013.03.07 12:07:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.02 10:16:52 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.12.02 10:16:52 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 09:39:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.05.31 00:44:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.05.31 00:31:49 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.05.31 00:44:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.05.31 00:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.05.31 00:44:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.05.31 00:31:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.05.31 00:44:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.05.31 00:31:49 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 16:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010.11.05 16:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 16:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.05.31 01:25:59 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.05.31 01:25:59 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.05.31 01:25:59 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.05.31 01:25:59 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.05.31 00:44:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.05.31 00:44:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2010.11.20 13:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
< %USERPROFILE%\*.* >
[2013.02.12 21:48:37 | 000,009,725 | ---- | M] () -- C:\Users\ASUS\.TransferManager.db
[2013.03.08 14:20:12 | 001,310,720 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT
[2013.03.08 14:20:12 | 000,262,144 | -HS- | M] () -- C:\Users\ASUS\ntuser.dat.LOG1
[2012.11.27 10:34:23 | 000,000,000 | -HS- | M] () -- C:\Users\ASUS\ntuser.dat.LOG2
[2012.11.27 10:36:19 | 000,065,536 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.11.27 10:36:19 | 000,524,288 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.11.27 10:36:19 | 000,524,288 | -HS- | M] () -- C:\Users\ASUS\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.11.27 10:34:23 | 000,000,020 | -HS- | M] () -- C:\Users\ASUS\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---







und hier der EXTRA logOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.03.2013 14:01:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,90 Gb Available Physical Memory | 65,95% Memory free
11,83 Gb Paging File | 9,71 Gb Available in Paging File | 82,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 81,46 Gb Free Space | 54,65% Space Free | Partition Type: NTFS
Drive D: | 434,08 Gb Total Space | 433,98 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 1,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BF807F-C780-4451-85E1-87CE358AA16A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03C92537-B60C-41E1-AC22-B5F83F49C828}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0B95D2A9-A6E0-4BF8-AB92-E44A7926BEB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{103AF2AF-14C6-468D-A709-87948B39CA73}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1556F7CA-D2BF-4A44-8AD6-FD04B67FE5FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1929B451-4434-4483-B6ED-6194CEAAFF85}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1BBFE921-75DE-48F8-A9FA-D34689C2A27E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C39E6CA-0B7C-4A76-88E8-2F0484E85214}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{293F68ED-9FAB-4ED9-8616-B5CB0B59B4F9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{450D818C-EFC0-4575-A219-D3716EBBF172}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5550D9A2-1D7D-4436-9657-CFF29940DCC1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5DA3CBF9-FF13-4878-B642-F720648488A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E24BB32-DE5F-41EF-A26F-3F31DD159DB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64295ADE-B2A2-443F-8257-452FD5ADFA0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7599773F-2B72-4DCE-B36A-CD52758F4A0A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7AC0F5B8-3F27-47D5-A84B-8462C0740982}" = rport=139 | protocol=6 | dir=out | app=system | 
"{81751498-C1C3-4853-B809-DC8B49988652}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9003FC81-1182-4DF2-B3FB-94FE647D0333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90AEFC01-AFD8-452A-8624-FC4B5D94B2F5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A053E954-4DD0-4787-85B4-151D60A7E1A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEF39154-6B49-4066-9EF9-60B15F0CF1AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C5390ED7-0685-40FD-A635-A0A3DC05C787}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9EFF77B-F04B-4699-BBF7-847B43DAA567}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0283D40C-0ED3-4075-9F98-6DE0088E612E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A1853F1-28A3-4528-B5A5-4FFBCE01902C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C14FB95-0020-4A4D-8F0A-D6E8A6FD7CD9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1034A131-0CDB-46B1-A3C8-35DBA72830FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16572C2B-89FA-414D-8BE9-29DFC1A6EB2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{17B5859F-C6CA-4981-BD6F-1A74F22B4927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23D51EAA-40A8-4E1B-B393-7B28D2E562EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{373CE62A-DD79-4445-90B8-FD7294F49DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F11CC90-A6A4-45C2-9F90-4A8CF0A1D10E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4847B334-4756-45D5-B009-8E33B13C0F47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AB21086-29FC-41CF-BDC7-5FDFB26130C9}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{4BA8F37C-B28D-4608-8B7A-E351CB4A7FF1}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{5030C7EB-556E-4585-8E52-4246FAFD219D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{50A94B07-FF6A-49B9-965D-B48B72F9C2EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6569719C-260C-4826-9E4F-7E25DD6C3D80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{746589DE-4F43-4CA1-8A50-FF54D5B1CF8D}" = protocol=6 | dir=out | app=system | 
"{7D59747F-900F-402A-9552-4EC43C3B9FA9}" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{894E8619-90ED-4BBC-BF22-A0DD3CA64F0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{924FCD66-91A0-4D5A-BE2D-13BF7A5454BA}" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe | 
"{BA31D4D0-3424-4EF1-B818-878AE303A7C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BAAE806C-95CE-4008-98F1-3916F3BDBB71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CC7360AD-572E-4C55-9307-44785B61625C}" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe | 
"{D9B89214-2E06-4CE9-90E9-6232552B1166}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DC6D4C2E-B32D-4E0A-B656-046458F3FE37}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E000624D-04C5-4AF3-9A9E-B78E35BA6674}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E808D127-81B1-48D6-B931-5166CEC4A3FB}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{ECC6FE52-EB5E-4B5A-9590-DEC8F006AF54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F0B60679-CD02-48CD-B202-84D33F2202F1}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{F63BADD7-0CEA-4677-9E4B-4BBF67A0195F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{43DD252C-1DAC-4223-878F-DE8E9EC26D85}C:\users\asus\desktop\ahmet\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\users\asus\desktop\ahmet\azureus\azureus.exe | 
"TCP Query User{5A40693B-3B61-444A-96AC-6E097DE8CDF7}C:\users\asus\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{89F3D358-B93B-4C6B-8AE7-3A51F53ADE5C}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{56EBF0AB-8596-4EFD-86D5-24F3AFECE1FF}C:\users\asus\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8933D67E-D71B-47AA-8DA1-5CE6C6C62CF1}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EEACF329-A246-4506-B84B-E2F392901BB3}C:\users\asus\desktop\ahmet\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\users\asus\desktop\ahmet\azureus\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4627CDA0-4D39-4573-A4B0-B637780DD2AB}" = Snap.Do
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"1ClickDownload" = HDVidCodec
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"AsusScr_K Series_ENG" = AsusScr_K Series_ENG
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"IsoBuster_is1" = IsoBuster 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1622653762-2734915653-602354260-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2013 17:02:59 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel:
 0x511e4e75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005883  ID des fehlerhaften Prozesses:
 0x1304  Startzeit der fehlerhaften Anwendung: 0x01ce112b3f125860  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll
Berichtskennung:
 3c6d667a-7d33-11e2-9cf1-f46d04276687
 
Error - 23.02.2013 04:49:18 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 24.02.2013 10:31:45 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel:
 0x511e4e75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005883  ID des fehlerhaften Prozesses:
 0xb1c  Startzeit der fehlerhaften Anwendung: 0x01ce12957a5037ee  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll
Berichtskennung:
 e9929311-7e8e-11e2-9c14-f46d04276687
 
Error - 24.02.2013 11:41:56 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel:
 0x511e4e75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005883  ID des fehlerhaften Prozesses:
 0xf48  Startzeit der fehlerhaften Anwendung: 0x01ce12a449528e3c  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll
Berichtskennung:
 b759c5a0-7e98-11e2-9c14-f46d04276687
 
Error - 24.02.2013 11:41:56 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel:
 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003734d  ID des fehlerhaften Prozesses:
 0x1114  Startzeit der fehlerhaften Anwendung: 0x01ce12a447403ee0  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 b759ecb0-7e98-11e2-9c14-f46d04276687
 
Error - 24.02.2013 11:56:08 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel:
 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003734d  ID des fehlerhaften Prozesses:
 0x1534  Startzeit der fehlerhaften Anwendung: 0x01ce12a596b16b4b  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 b32c532b-7e9a-11e2-9c14-f46d04276687
 
Error - 24.02.2013 11:56:08 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel:
 0x511e4e75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005883  ID des fehlerhaften Prozesses:
 0x114  Startzeit der fehlerhaften Anwendung: 0x01ce12a598b4e3f7  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll
Berichtskennung:
 b350cba4-7e9a-11e2-9c14-f46d04276687
 
Error - 24.02.2013 15:57:11 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel:
 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003734d  ID des fehlerhaften Prozesses:
 0x854  Startzeit der fehlerhaften Anwendung: 0x01ce12c0e84e4936  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 5fdbfb2a-7ebc-11e2-9c14-f46d04276687
 
Error - 24.02.2013 15:57:11 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel:
 0x511e52f7  Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel:
 0x511e4e75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005883  ID des fehlerhaften Prozesses:
 0x990  Startzeit der fehlerhaften Anwendung: 0x01ce12c0ea545bd1  Pfad der fehlerhaften
 Anwendung: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe  Pfad
 des fehlerhaften Moduls: C:\Games\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll
Berichtskennung:
 5ff48c96-7ebc-11e2-9c14-f46d04276687
 
Error - 24.02.2013 16:42:01 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 25.0.1364.97,
 Zeitstempel: 0x51258756  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x70c  Startzeit der fehlerhaften Anwendung: 0x01ce12cf59fc16b9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a3b5bca0-7ec2-11e2-9c14-f46d04276687
 
[ System Events ]
Error - 24.02.2013 18:01:37 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:04:53 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:05:36 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:06:18 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:06:35 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:07:40 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:08:44 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:08:44 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:09:28 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 24.02.2013 18:09:55 | Computer Name = ASUS-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
 
< End of report >
         
--- --- ---


Alt 11.03.2013, 17:50   #6
markusg
/// Malware-holic
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: []  File not found
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
--> Snap.Do Trojaner! Wie entferne ich Snap.Do?

Alt 14.03.2013, 13:45   #7
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 128145075 bytes
->Temporary Internet Files folder emptied: 283096462 bytes
->Java cache emptied: 19859588 bytes
->Google Chrome cache emptied: 345803142 bytes
->Flash cache emptied: 1183 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343537762 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46430379 bytes
RecycleBin emptied: 2535 bytes

Total Files Cleaned = 1.154,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03142013_133250

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 14.03.2013, 15:51   #8
markusg
/// Malware-holic
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.03.2013, 15:19   #9
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



15:17:24.0672 6912 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:17:24.0770 6912 ============================================================
15:17:24.0770 6912 Current date / time: 2013/03/18 15:17:24.0770
15:17:24.0770 6912 SystemInfo:
15:17:24.0770 6912
15:17:24.0770 6912 OS Version: 6.1.7601 ServicePack: 1.0
15:17:24.0770 6912 Product type: Workstation
15:17:24.0770 6912 ComputerName: ASUS-PC
15:17:24.0770 6912 UserName: ASUS
15:17:24.0771 6912 Windows directory: C:\Windows
15:17:24.0771 6912 System windows directory: C:\Windows
15:17:24.0771 6912 Running under WOW64
15:17:24.0771 6912 Processor architecture: Intel x64
15:17:24.0772 6912 Number of processors: 8
15:17:24.0772 6912 Page size: 0x1000
15:17:24.0772 6912 Boot type: Normal boot
15:17:24.0772 6912 ============================================================
15:17:25.0632 6912 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:17:25.0657 6912 ============================================================
15:17:25.0657 6912 \Device\Harddisk0\DR0:
15:17:25.0657 6912 MBR partitions:
15:17:25.0657 6912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A18040, BlocksNum 0x12A16000
15:17:25.0672 6912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1442F000, BlocksNum 0x36428800
15:17:25.0672 6912 ============================================================
15:17:25.0698 6912 C: <-> \Device\Harddisk0\DR0\Partition1
15:17:25.0731 6912 D: <-> \Device\Harddisk0\DR0\Partition2
15:17:25.0732 6912 ============================================================
15:17:25.0732 6912 Initialize success
15:17:25.0732 6912 ============================================================
15:17:51.0510 0456 ============================================================
15:17:51.0510 0456 Scan started
15:17:51.0510 0456 Mode: Manual; SigCheck; TDLFS;
15:17:51.0510 0456 ============================================================
15:17:51.0662 0456 ================ Scan system memory ========================
15:17:51.0663 0456 System memory - ok
15:17:51.0665 0456 ================ Scan services =============================
15:17:52.0100 0456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:17:52.0470 0456 1394ohci - ok
15:17:52.0511 0456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:17:52.0526 0456 ACPI - ok
15:17:52.0588 0456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:17:52.0667 0456 AcpiPmi - ok
15:17:52.0787 0456 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:52.0800 0456 AdobeARMservice - ok
15:17:52.0955 0456 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:52.0968 0456 AdobeFlashPlayerUpdateSvc - ok
15:17:53.0023 0456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:17:53.0059 0456 adp94xx - ok
15:17:53.0085 0456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:17:53.0106 0456 adpahci - ok
15:17:53.0127 0456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:17:53.0145 0456 adpu320 - ok
15:17:53.0260 0456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:17:53.0426 0456 AeLookupSvc - ok
15:17:53.0508 0456 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe
15:17:53.0531 0456 AFBAgent - ok
15:17:53.0593 0456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:17:53.0676 0456 AFD - ok
15:17:53.0713 0456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:17:53.0726 0456 agp440 - ok
15:17:53.0923 0456 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll
15:17:54.0117 0456 Akamai - ok
15:17:54.0179 0456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:17:54.0239 0456 ALG - ok
15:17:54.0309 0456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:17:54.0341 0456 aliide - ok
15:17:54.0395 0456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:17:54.0409 0456 amdide - ok
15:17:54.0438 0456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:17:54.0502 0456 AmdK8 - ok
15:17:54.0561 0456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:17:54.0604 0456 AmdPPM - ok
15:17:54.0711 0456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:17:54.0726 0456 amdsata - ok
15:17:54.0801 0456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:17:54.0819 0456 amdsbs - ok
15:17:54.0850 0456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:17:55.0026 0456 amdxata - ok
15:17:55.0128 0456 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:17:55.0160 0456 AntiVirSchedulerService - ok
15:17:55.0240 0456 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:17:55.0249 0456 AntiVirService - ok
15:17:55.0346 0456 [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:17:55.0371 0456 AntiVirWebService - ok
15:17:55.0456 0456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:17:55.0647 0456 AppID - ok
15:17:55.0677 0456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:17:55.0733 0456 AppIDSvc - ok
15:17:55.0776 0456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:17:55.0829 0456 Appinfo - ok
15:17:55.0901 0456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:17:55.0916 0456 arc - ok
15:17:55.0979 0456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:17:55.0996 0456 arcsas - ok
15:17:56.0081 0456 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
15:17:56.0093 0456 ASLDRService - ok
15:17:56.0153 0456 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
15:17:56.0163 0456 ASMMAP64 - ok
15:17:56.0394 0456 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:17:56.0457 0456 aspnet_state - ok
15:17:56.0520 0456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:56.0577 0456 AsyncMac - ok
15:17:56.0626 0456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:17:56.0637 0456 atapi - ok
15:17:56.0738 0456 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:17:56.0862 0456 athr - ok
15:17:56.0899 0456 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
15:17:56.0912 0456 ATKGFNEXSrv - ok
15:17:56.0992 0456 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
15:17:57.0002 0456 ATKWMIACPIIO - ok
15:17:57.0078 0456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:17:57.0147 0456 AudioEndpointBuilder - ok
15:17:57.0159 0456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:17:57.0192 0456 AudioSrv - ok
15:17:57.0264 0456 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:17:57.0278 0456 avgntflt - ok
15:17:57.0362 0456 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:17:57.0377 0456 avipbb - ok
15:17:57.0432 0456 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:17:57.0444 0456 avkmgr - ok
15:17:57.0548 0456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:17:57.0651 0456 AxInstSV - ok
15:17:57.0728 0456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:17:57.0814 0456 b06bdrv - ok
15:17:57.0849 0456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:17:57.0898 0456 b57nd60a - ok
15:17:57.0929 0456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:17:57.0976 0456 BDESVC - ok
15:17:57.0989 0456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:17:58.0045 0456 Beep - ok
15:17:58.0110 0456 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:17:58.0169 0456 BFE - ok
15:17:58.0217 0456 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:17:58.0281 0456 BITS - ok
15:17:58.0310 0456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:17:58.0350 0456 blbdrive - ok
15:17:58.0443 0456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:17:58.0499 0456 bowser - ok
15:17:58.0575 0456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:17:58.0610 0456 BrFiltLo - ok
15:17:58.0660 0456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:17:58.0681 0456 BrFiltUp - ok
15:17:58.0775 0456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:17:58.0818 0456 Browser - ok
15:17:58.0884 0456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:17:58.0929 0456 Brserid - ok
15:17:58.0947 0456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:17:58.0977 0456 BrSerWdm - ok
15:17:58.0985 0456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:17:59.0019 0456 BrUsbMdm - ok
15:17:59.0038 0456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:17:59.0063 0456 BrUsbSer - ok
15:17:59.0076 0456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:17:59.0109 0456 BTHMODEM - ok
15:17:59.0182 0456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:17:59.0247 0456 bthserv - ok
15:17:59.0335 0456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:17:59.0401 0456 cdfs - ok
15:17:59.0468 0456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:17:59.0497 0456 cdrom - ok
15:17:59.0591 0456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:17:59.0623 0456 CertPropSvc - ok
15:17:59.0635 0456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:17:59.0686 0456 circlass - ok
15:17:59.0754 0456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:17:59.0770 0456 CLFS - ok
15:17:59.0887 0456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:59.0902 0456 clr_optimization_v2.0.50727_32 - ok
15:17:59.0941 0456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:59.0964 0456 clr_optimization_v2.0.50727_64 - ok
15:18:00.0057 0456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:18:00.0205 0456 clr_optimization_v4.0.30319_32 - ok
15:18:00.0267 0456 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:18:00.0297 0456 clr_optimization_v4.0.30319_64 - ok
15:18:00.0321 0456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:18:00.0349 0456 CmBatt - ok
15:18:00.0416 0456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:18:00.0427 0456 cmdide - ok
15:18:00.0518 0456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:18:00.0559 0456 CNG - ok
15:18:00.0601 0456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:18:00.0614 0456 Compbatt - ok
15:18:00.0685 0456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:18:00.0734 0456 CompositeBus - ok
15:18:00.0745 0456 COMSysApp - ok
15:18:00.0764 0456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:18:00.0777 0456 crcdisk - ok
15:18:00.0819 0456 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:18:00.0875 0456 CryptSvc - ok
15:18:00.0924 0456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:18:00.0982 0456 DcomLaunch - ok
15:18:01.0007 0456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:18:01.0090 0456 defragsvc - ok
15:18:01.0137 0456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:18:01.0201 0456 DfsC - ok
15:18:01.0256 0456 [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
15:18:01.0279 0456 dg_ssudbus - ok
15:18:01.0338 0456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:18:01.0392 0456 Dhcp - ok
15:18:01.0404 0456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:18:01.0454 0456 discache - ok
15:18:01.0491 0456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:18:01.0507 0456 Disk - ok
15:18:01.0590 0456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:18:01.0632 0456 Dnscache - ok
15:18:01.0675 0456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:18:01.0751 0456 dot3svc - ok
15:18:01.0773 0456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:18:01.0818 0456 DPS - ok
15:18:01.0850 0456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:18:01.0887 0456 drmkaud - ok
15:18:01.0926 0456 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:18:01.0936 0456 dtsoftbus01 - ok
15:18:01.0980 0456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:18:02.0006 0456 DXGKrnl - ok
15:18:02.0029 0456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:18:02.0073 0456 EapHost - ok
15:18:02.0190 0456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:18:02.0338 0456 ebdrv - ok
15:18:02.0409 0456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:18:02.0457 0456 EFS - ok
15:18:02.0540 0456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:18:02.0611 0456 ehRecvr - ok
15:18:02.0652 0456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:18:02.0711 0456 ehSched - ok
15:18:02.0819 0456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:18:02.0882 0456 elxstor - ok
15:18:02.0947 0456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:18:02.0988 0456 ErrDev - ok
15:18:03.0112 0456 [ 5B042AA9CEBDAB5B61E747DDCEBFF51B ] ETD C:\Windows\system32\DRIVERS\ETD.sys
15:18:03.0125 0456 ETD - ok
15:18:03.0158 0456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:18:03.0203 0456 EventSystem - ok
15:18:03.0246 0456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:18:03.0294 0456 exfat - ok
15:18:03.0354 0456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:18:03.0414 0456 fastfat - ok
15:18:03.0454 0456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:18:03.0715 0456 Fax - ok
15:18:03.0733 0456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:18:03.0761 0456 fdc - ok
15:18:03.0827 0456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:18:03.0867 0456 fdPHost - ok
15:18:03.0930 0456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:18:03.0973 0456 FDResPub - ok
15:18:04.0027 0456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:18:04.0043 0456 FileInfo - ok
15:18:04.0090 0456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:18:04.0148 0456 Filetrace - ok
15:18:04.0198 0456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:18:04.0216 0456 flpydisk - ok
15:18:04.0313 0456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:18:04.0337 0456 FltMgr - ok
15:18:04.0385 0456 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:18:04.0495 0456 FontCache - ok
15:18:04.0612 0456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:18:04.0625 0456 FontCache3.0.0.0 - ok
15:18:04.0678 0456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:18:04.0693 0456 FsDepends - ok
15:18:04.0753 0456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:18:04.0765 0456 Fs_Rec - ok
15:18:04.0840 0456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:18:04.0868 0456 fvevol - ok
15:18:04.0901 0456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:18:04.0916 0456 gagp30kx - ok
15:18:04.0992 0456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:18:05.0048 0456 gpsvc - ok
15:18:05.0129 0456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:18:05.0137 0456 gupdate - ok
15:18:05.0155 0456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:18:05.0162 0456 gupdatem - ok
15:18:05.0241 0456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:18:05.0288 0456 hcw85cir - ok
15:18:05.0388 0456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:18:05.0427 0456 HdAudAddService - ok
15:18:05.0452 0456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:18:05.0482 0456 HDAudBus - ok
15:18:05.0502 0456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:18:05.0540 0456 HidBatt - ok
15:18:05.0561 0456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:18:05.0607 0456 HidBth - ok
15:18:05.0627 0456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:18:05.0652 0456 HidIr - ok
15:18:05.0685 0456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:18:05.0731 0456 hidserv - ok
15:18:05.0767 0456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:18:05.0791 0456 HidUsb - ok
15:18:05.0825 0456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:18:05.0870 0456 hkmsvc - ok
15:18:05.0912 0456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:18:06.0025 0456 HomeGroupListener - ok
15:18:06.0046 0456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:18:06.0063 0456 HomeGroupProvider - ok
15:18:06.0086 0456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:18:06.0100 0456 HpSAMD - ok
15:18:06.0133 0456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:18:06.0216 0456 HTTP - ok
15:18:06.0245 0456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:18:06.0257 0456 hwpolicy - ok
15:18:06.0294 0456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:18:06.0310 0456 i8042prt - ok
15:18:06.0366 0456 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:18:06.0378 0456 iaStor - ok
15:18:06.0420 0456 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:18:06.0472 0456 iaStorV - ok
15:18:06.0540 0456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:18:06.0592 0456 idsvc - ok
15:18:06.0902 0456 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:18:07.0415 0456 igfx - ok
15:18:07.0443 0456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:18:07.0457 0456 iirsp - ok
15:18:07.0485 0456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:18:07.0545 0456 IKEEXT - ok
15:18:07.0721 0456 [ 72A253EFCA059D8CF303371255624890 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:18:07.0772 0456 IntcAzAudAddService - ok
15:18:07.0822 0456 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:18:07.0866 0456 IntcDAud - ok
15:18:07.0908 0456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:18:07.0921 0456 intelide - ok
15:18:07.0944 0456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:18:07.0986 0456 intelppm - ok
15:18:08.0027 0456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:18:08.0199 0456 IPBusEnum - ok
15:18:08.0222 0456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:08.0257 0456 IpFilterDriver - ok
15:18:08.0328 0456 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:18:08.0367 0456 iphlpsvc - ok
15:18:08.0398 0456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:18:08.0434 0456 IPMIDRV - ok
15:18:08.0456 0456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:18:08.0506 0456 IPNAT - ok
15:18:08.0532 0456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:18:08.0612 0456 IRENUM - ok
15:18:08.0696 0456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:18:08.0709 0456 isapnp - ok
15:18:08.0787 0456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:18:08.0810 0456 iScsiPrt - ok
15:18:08.0821 0456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:18:08.0834 0456 kbdclass - ok
15:18:08.0868 0456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:18:08.0902 0456 kbdhid - ok
15:18:08.0969 0456 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
15:18:08.0978 0456 kbfiltr - ok
15:18:09.0064 0456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:18:09.0073 0456 KeyIso - ok
15:18:09.0164 0456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:18:09.0178 0456 KSecDD - ok
15:18:09.0244 0456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:18:09.0261 0456 KSecPkg - ok
15:18:09.0319 0456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:18:09.0374 0456 ksthunk - ok
15:18:09.0420 0456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:18:09.0494 0456 KtmRm - ok
15:18:09.0532 0456 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
15:18:09.0543 0456 L1C - ok
15:18:09.0650 0456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:18:09.0713 0456 LanmanServer - ok
15:18:09.0807 0456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:18:09.0849 0456 LanmanWorkstation - ok
15:18:09.0893 0456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:18:09.0943 0456 lltdio - ok
15:18:10.0016 0456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:18:10.0067 0456 lltdsvc - ok
15:18:10.0088 0456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:18:10.0119 0456 lmhosts - ok
15:18:10.0223 0456 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:18:10.0234 0456 LMS - ok
15:18:10.0295 0456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:18:10.0311 0456 LSI_FC - ok
15:18:10.0334 0456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:18:10.0351 0456 LSI_SAS - ok
15:18:10.0375 0456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:18:10.0389 0456 LSI_SAS2 - ok
15:18:10.0401 0456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:18:10.0416 0456 LSI_SCSI - ok
15:18:10.0513 0456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:18:10.0567 0456 luafv - ok
15:18:10.0621 0456 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:18:10.0632 0456 MBAMProtector - ok
15:18:10.0715 0456 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:18:10.0728 0456 MBAMScheduler - ok
15:18:10.0755 0456 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:18:10.0772 0456 MBAMService - ok
15:18:10.0801 0456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:18:10.0842 0456 Mcx2Svc - ok
15:18:10.0900 0456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:18:10.0915 0456 megasas - ok
15:18:10.0999 0456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:18:11.0021 0456 MegaSR - ok
15:18:11.0086 0456 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:18:11.0097 0456 MEIx64 - ok
15:18:11.0180 0456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:18:11.0253 0456 MMCSS - ok
15:18:11.0339 0456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:18:11.0380 0456 Modem - ok
15:18:11.0399 0456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:18:11.0432 0456 monitor - ok
15:18:11.0460 0456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:18:11.0474 0456 mouclass - ok
15:18:11.0528 0456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:18:11.0560 0456 mouhid - ok
15:18:11.0630 0456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:18:11.0646 0456 mountmgr - ok
15:18:11.0728 0456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:18:11.0746 0456 mpio - ok
15:18:11.0777 0456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:18:11.0827 0456 mpsdrv - ok
15:18:11.0869 0456 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:18:11.0921 0456 MpsSvc - ok
15:18:11.0951 0456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:18:11.0997 0456 MRxDAV - ok
15:18:12.0031 0456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:12.0081 0456 mrxsmb - ok
15:18:12.0089 0456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:12.0117 0456 mrxsmb10 - ok
15:18:12.0151 0456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:12.0177 0456 mrxsmb20 - ok
15:18:12.0193 0456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:18:12.0204 0456 msahci - ok
15:18:12.0226 0456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:18:12.0242 0456 msdsm - ok
15:18:12.0266 0456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:18:12.0303 0456 MSDTC - ok
15:18:12.0342 0456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:18:12.0379 0456 Msfs - ok
15:18:12.0443 0456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:18:12.0496 0456 mshidkmdf - ok
15:18:12.0570 0456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:18:12.0581 0456 msisadrv - ok
15:18:12.0645 0456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:18:12.0691 0456 MSiSCSI - ok
15:18:12.0694 0456 msiserver - ok
15:18:12.0728 0456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:18:12.0770 0456 MSKSSRV - ok
15:18:12.0833 0456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:12.0882 0456 MSPCLOCK - ok
15:18:12.0948 0456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:18:12.0994 0456 MSPQM - ok
15:18:13.0030 0456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:18:13.0052 0456 MsRPC - ok
15:18:13.0092 0456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:18:13.0101 0456 mssmbios - ok
15:18:13.0160 0456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:18:13.0223 0456 MSTEE - ok
15:18:13.0245 0456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:18:13.0268 0456 MTConfig - ok
15:18:13.0334 0456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:18:13.0348 0456 Mup - ok
15:18:13.0432 0456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:18:13.0484 0456 napagent - ok
15:18:13.0525 0456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:18:13.0573 0456 NativeWifiP - ok
15:18:13.0613 0456 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:18:13.0643 0456 NDIS - ok
15:18:13.0714 0456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:18:13.0774 0456 NdisCap - ok
15:18:13.0792 0456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:13.0842 0456 NdisTapi - ok
15:18:13.0900 0456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:13.0943 0456 Ndisuio - ok
15:18:14.0000 0456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:14.0072 0456 NdisWan - ok
15:18:14.0186 0456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:18:14.0219 0456 NDProxy - ok
15:18:14.0230 0456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:18:14.0284 0456 NetBIOS - ok
15:18:14.0353 0456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:18:14.0417 0456 NetBT - ok
15:18:14.0508 0456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:18:14.0518 0456 Netlogon - ok
15:18:14.0611 0456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:18:14.0693 0456 Netman - ok
15:18:14.0769 0456 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:18:14.0799 0456 NetMsmqActivator - ok
15:18:14.0812 0456 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:18:14.0820 0456 NetPipeActivator - ok
15:18:14.0876 0456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:18:14.0922 0456 netprofm - ok
15:18:14.0976 0456 [ F1814E62EB6E50472AFC9903525ECEC1 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
15:18:15.0004 0456 netr28x - ok
15:18:15.0023 0456 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:18:15.0032 0456 NetTcpActivator - ok
15:18:15.0113 0456 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:18:15.0122 0456 NetTcpPortSharing - ok
15:18:15.0195 0456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:18:15.0210 0456 nfrd960 - ok
15:18:15.0265 0456 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:18:15.0290 0456 NlaSvc - ok
15:18:15.0300 0456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:18:15.0341 0456 Npfs - ok
15:18:15.0344 0456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:18:15.0397 0456 nsi - ok
15:18:15.0452 0456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:18:15.0505 0456 nsiproxy - ok
15:18:15.0639 0456 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:18:15.0723 0456 Ntfs - ok
15:18:15.0739 0456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:18:15.0789 0456 Null - ok
15:18:16.0102 0456 [ 41A7C6ED2BAB4C304633B785C884A912 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:18:16.0575 0456 nvlddmkm - ok
15:18:16.0587 0456 [ D542153CB23459B8AAD88CF17E36B670 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
15:18:16.0597 0456 nvpciflt - ok
15:18:16.0642 0456 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:18:16.0658 0456 nvraid - ok
15:18:16.0679 0456 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:18:16.0696 0456 nvstor - ok
15:18:16.0797 0456 [ 558490B65557A15193E56C44DCF67B64 ] NVSvc C:\Windows\system32\nvvsvc.exe
15:18:16.0837 0456 NVSvc - ok
15:18:16.0927 0456 [ FC968EF459601BB3D18A40BB85EC5193 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:18:16.0963 0456 nvUpdatusService - ok
15:18:16.0982 0456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:18:16.0997 0456 nv_agp - ok
15:18:17.0025 0456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:18:17.0042 0456 ohci1394 - ok
15:18:17.0109 0456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:18:17.0134 0456 p2pimsvc - ok
15:18:17.0153 0456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:18:17.0183 0456 p2psvc - ok
15:18:17.0202 0456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:18:17.0220 0456 Parport - ok
15:18:17.0303 0456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:18:17.0317 0456 partmgr - ok
15:18:17.0369 0456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:18:17.0403 0456 PcaSvc - ok
15:18:17.0469 0456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:18:17.0489 0456 pci - ok
15:18:17.0554 0456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:18:17.0566 0456 pciide - ok
15:18:17.0649 0456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:18:17.0670 0456 pcmcia - ok
15:18:17.0718 0456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:18:17.0730 0456 pcw - ok
15:18:17.0749 0456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:18:17.0851 0456 PEAUTH - ok
15:18:17.0974 0456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:18:17.0989 0456 PerfHost - ok
15:18:18.0062 0456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:18:18.0145 0456 pla - ok
15:18:18.0184 0456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:18:18.0225 0456 PlugPlay - ok
15:18:18.0246 0456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:18:18.0277 0456 PNRPAutoReg - ok
15:18:18.0300 0456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:18:18.0313 0456 PNRPsvc - ok
15:18:18.0419 0456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:18:18.0472 0456 PolicyAgent - ok
15:18:18.0501 0456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:18:18.0549 0456 Power - ok
15:18:18.0579 0456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:18:18.0627 0456 PptpMiniport - ok
15:18:18.0655 0456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:18:18.0696 0456 Processor - ok
15:18:18.0728 0456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:18:18.0852 0456 ProfSvc - ok
15:18:18.0864 0456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:18:18.0875 0456 ProtectedStorage - ok
15:18:18.0983 0456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:18:19.0028 0456 Psched - ok
15:18:19.0098 0456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:18:19.0158 0456 ql2300 - ok
15:18:19.0175 0456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:18:19.0194 0456 ql40xx - ok
15:18:19.0235 0456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:18:19.0262 0456 QWAVE - ok
15:18:19.0279 0456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:18:19.0306 0456 QWAVEdrv - ok
15:18:19.0372 0456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:18:19.0422 0456 RasAcd - ok
15:18:19.0510 0456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:18:19.0566 0456 RasAgileVpn - ok
15:18:19.0682 0456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:18:19.0738 0456 RasAuto - ok
15:18:19.0761 0456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:19.0811 0456 Rasl2tp - ok
15:18:19.0852 0456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:18:19.0909 0456 RasMan - ok
15:18:19.0926 0456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:19.0988 0456 RasPppoe - ok
15:18:20.0042 0456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:18:20.0128 0456 RasSstp - ok
15:18:20.0148 0456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:18:20.0407 0456 rdbss - ok
15:18:20.0486 0456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:18:20.0509 0456 rdpbus - ok
15:18:20.0571 0456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:20.0621 0456 RDPCDD - ok
15:18:20.0640 0456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:18:20.0692 0456 RDPENCDD - ok
15:18:20.0791 0456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:18:20.0837 0456 RDPREFMP - ok
15:18:20.0916 0456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:18:20.0975 0456 RDPWD - ok
15:18:21.0004 0456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:18:21.0025 0456 rdyboost - ok
15:18:21.0109 0456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:18:21.0151 0456 RemoteAccess - ok
15:18:21.0245 0456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:18:21.0297 0456 RemoteRegistry - ok
15:18:21.0300 0456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:18:21.0341 0456 RpcEptMapper - ok
15:18:21.0369 0456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:18:21.0382 0456 RpcLocator - ok
15:18:21.0457 0456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:18:21.0504 0456 RpcSs - ok
15:18:21.0541 0456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:18:21.0594 0456 rspndr - ok
15:18:21.0608 0456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:18:21.0618 0456 SamSs - ok
15:18:21.0666 0456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:18:21.0682 0456 sbp2port - ok
15:18:21.0718 0456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:18:21.0774 0456 SCardSvr - ok
15:18:21.0815 0456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:18:21.0856 0456 scfilter - ok
15:18:21.0902 0456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:18:21.0949 0456 Schedule - ok
15:18:22.0002 0456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:18:22.0047 0456 SCPolicySvc - ok
15:18:22.0072 0456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:18:22.0114 0456 SDRSVC - ok
15:18:22.0147 0456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:18:22.0201 0456 secdrv - ok
15:18:22.0269 0456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:18:22.0313 0456 seclogon - ok
15:18:22.0370 0456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:18:22.0422 0456 SENS - ok
15:18:22.0442 0456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:18:22.0493 0456 SensrSvc - ok
15:18:22.0551 0456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:18:22.0579 0456 Serenum - ok
15:18:22.0631 0456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:18:22.0657 0456 Serial - ok
15:18:22.0733 0456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:18:22.0762 0456 sermouse - ok
15:18:22.0793 0456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:18:22.0837 0456 SessionEnv - ok
15:18:22.0869 0456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:18:22.0908 0456 sffdisk - ok
15:18:22.0962 0456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:18:22.0976 0456 sffp_mmc - ok
15:18:23.0051 0456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:18:23.0086 0456 sffp_sd - ok
15:18:23.0143 0456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:18:23.0156 0456 sfloppy - ok
15:18:23.0285 0456 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:18:23.0347 0456 SharedAccess - ok
15:18:23.0379 0456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:18:23.0421 0456 ShellHWDetection - ok
15:18:23.0425 0456 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
15:18:23.0448 0456 SiSGbeLH - ok
15:18:23.0500 0456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:18:23.0514 0456 SiSRaid2 - ok
15:18:23.0597 0456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:18:23.0611 0456 SiSRaid4 - ok
15:18:23.0683 0456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:18:23.0762 0456 Smb - ok
15:18:23.0792 0456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:18:23.0826 0456 SNMPTRAP - ok
15:18:23.0900 0456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:18:23.0912 0456 spldr - ok
15:18:23.0938 0456 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:18:23.0982 0456 Spooler - ok
15:18:24.0092 0456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:18:24.0224 0456 sppsvc - ok
15:18:24.0246 0456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:18:24.0314 0456 sppuinotify - ok
15:18:24.0404 0456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:18:24.0571 0456 srv - ok
15:18:24.0665 0456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:18:24.0721 0456 srv2 - ok
15:18:24.0748 0456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:18:24.0780 0456 srvnet - ok
15:18:24.0816 0456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:18:24.0882 0456 SSDPSRV - ok
15:18:24.0905 0456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:18:24.0958 0456 SstpSvc - ok
15:18:25.0030 0456 [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
15:18:25.0040 0456 ssudmdm - ok
15:18:25.0094 0456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:18:25.0106 0456 stexstor - ok
15:18:25.0147 0456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:18:25.0187 0456 stisvc - ok
15:18:25.0208 0456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:18:25.0219 0456 swenum - ok
15:18:25.0244 0456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:18:25.0304 0456 swprv - ok
15:18:25.0376 0456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:18:25.0442 0456 SysMain - ok
15:18:25.0479 0456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:18:25.0519 0456 TabletInputService - ok
15:18:25.0598 0456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:18:25.0667 0456 TapiSrv - ok
15:18:25.0744 0456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:18:25.0793 0456 TBS - ok
15:18:25.0878 0456 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:18:26.0011 0456 Tcpip - ok
15:18:26.0049 0456 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:18:26.0089 0456 TCPIP6 - ok
15:18:26.0120 0456 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:18:26.0134 0456 tcpipreg - ok
15:18:26.0230 0456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:18:26.0263 0456 TDPIPE - ok
15:18:26.0338 0456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:18:26.0372 0456 TDTCP - ok
15:18:26.0408 0456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:18:26.0460 0456 tdx - ok
15:18:26.0516 0456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:18:26.0529 0456 TermDD - ok
15:18:26.0597 0456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:18:26.0652 0456 TermService - ok
15:18:26.0668 0456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:18:26.0693 0456 Themes - ok
15:18:26.0713 0456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:18:26.0743 0456 THREADORDER - ok
15:18:26.0767 0456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:18:26.0809 0456 TrkWks - ok
15:18:26.0850 0456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:18:26.0919 0456 TrustedInstaller - ok
15:18:27.0061 0456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:27.0112 0456 tssecsrv - ok
15:18:27.0183 0456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:18:27.0230 0456 TsUsbFlt - ok
15:18:27.0291 0456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:18:27.0339 0456 tunnel - ok
15:18:27.0404 0456 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
15:18:27.0415 0456 TurboB - ok
15:18:27.0509 0456 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:18:27.0517 0456 TurboBoost - ok
15:18:27.0540 0456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:18:27.0555 0456 uagp35 - ok
15:18:27.0623 0456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:18:27.0701 0456 udfs - ok
15:18:27.0768 0456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:18:27.0801 0456 UI0Detect - ok
15:18:27.0863 0456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:18:27.0877 0456 uliagpkx - ok
15:18:27.0954 0456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:18:27.0981 0456 umbus - ok
15:18:28.0006 0456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:18:28.0036 0456 UmPass - ok
15:18:28.0186 0456 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:18:28.0240 0456 UNS - ok
15:18:28.0256 0456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:18:28.0298 0456 upnphost - ok
15:18:28.0312 0456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:28.0351 0456 usbccgp - ok
15:18:28.0433 0456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:18:28.0481 0456 usbcir - ok
15:18:28.0543 0456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:18:28.0569 0456 usbehci - ok
15:18:28.0627 0456 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:18:28.0669 0456 usbhub - ok
15:18:28.0686 0456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:18:28.0706 0456 usbohci - ok
15:18:28.0765 0456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:18:28.0795 0456 usbprint - ok
15:18:28.0829 0456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:28.0868 0456 USBSTOR - ok
15:18:28.0944 0456 [ C44D96B1CDDE705B23F55AB423CCA73D ] USBTINSP C:\Windows\system32\DRIVERS\tinspusb.sys
15:18:28.0988 0456 USBTINSP - ok
15:18:29.0054 0456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:18:29.0067 0456 usbuhci - ok
15:18:29.0148 0456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:18:29.0172 0456 usbvideo - ok
15:18:29.0241 0456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:18:29.0283 0456 UxSms - ok
15:18:29.0296 0456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:18:29.0307 0456 VaultSvc - ok
15:18:29.0369 0456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:18:29.0382 0456 vdrvroot - ok
15:18:29.0580 0456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:18:29.0649 0456 vds - ok
15:18:29.0711 0456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:29.0726 0456 vga - ok
15:18:29.0748 0456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:18:29.0793 0456 VgaSave - ok
15:18:29.0857 0456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:18:29.0878 0456 vhdmp - ok
15:18:29.0925 0456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:18:29.0938 0456 viaide - ok
15:18:29.0957 0456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:18:29.0972 0456 volmgr - ok
15:18:30.0050 0456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:18:30.0083 0456 volmgrx - ok
15:18:30.0091 0456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:18:30.0112 0456 volsnap - ok
15:18:30.0136 0456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:18:30.0152 0456 vsmraid - ok
15:18:30.0264 0456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:18:30.0355 0456 VSS - ok
15:18:30.0375 0456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:18:30.0404 0456 vwifibus - ok
15:18:30.0465 0456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:18:30.0505 0456 vwififlt - ok
15:18:30.0558 0456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:18:30.0607 0456 W32Time - ok
15:18:30.0674 0456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:18:30.0706 0456 WacomPen - ok
15:18:30.0791 0456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:18:30.0846 0456 WANARP - ok
15:18:30.0875 0456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:18:30.0905 0456 Wanarpv6 - ok
15:18:30.0956 0456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:18:31.0038 0456 wbengine - ok
15:18:31.0087 0456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:18:31.0126 0456 WbioSrvc - ok
15:18:31.0205 0456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:18:31.0259 0456 wcncsvc - ok
15:18:31.0286 0456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:18:31.0424 0456 WcsPlugInService - ok
15:18:31.0478 0456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:18:31.0492 0456 Wd - ok
15:18:31.0597 0456 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:18:31.0668 0456 Wdf01000 - ok
15:18:31.0672 0456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:18:31.0773 0456 WdiServiceHost - ok
15:18:31.0817 0456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:18:31.0837 0456 WdiSystemHost - ok
15:18:31.0899 0456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:18:31.0959 0456 WebClient - ok
15:18:32.0043 0456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:18:32.0096 0456 Wecsvc - ok
15:18:32.0117 0456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:18:32.0158 0456 wercplsupport - ok
15:18:32.0202 0456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:18:32.0252 0456 WerSvc - ok
15:18:32.0285 0456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:18:32.0331 0456 WfpLwf - ok
15:18:32.0400 0456 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:18:32.0416 0456 WimFltr - ok
15:18:32.0530 0456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:18:32.0544 0456 WIMMount - ok
15:18:32.0634 0456 WinDefend - ok
15:18:32.0660 0456 WinHttpAutoProxySvc - ok
15:18:32.0802 0456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:18:32.0853 0456 Winmgmt - ok
15:18:32.0933 0456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:18:33.0094 0456 WinRM - ok
15:18:33.0145 0456 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:18:33.0158 0456 WinUsb - ok
15:18:33.0252 0456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:18:33.0289 0456 Wlansvc - ok
15:18:33.0411 0456 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:33.0459 0456 wlidsvc - ok
15:18:33.0469 0456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:18:33.0490 0456 WmiAcpi - ok
15:18:33.0601 0456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:18:33.0636 0456 wmiApSrv - ok
15:18:33.0708 0456 WMPNetworkSvc - ok
15:18:33.0776 0456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:18:33.0803 0456 WPCSvc - ok
15:18:33.0894 0456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:18:33.0911 0456 WPDBusEnum - ok
15:18:33.0985 0456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:18:34.0041 0456 ws2ifsl - ok
15:18:34.0059 0456 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:18:34.0100 0456 wscsvc - ok
15:18:34.0118 0456 WSearch - ok
15:18:34.0275 0456 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:18:34.0361 0456 wuauserv - ok
15:18:34.0454 0456 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:18:34.0498 0456 WudfPf - ok
15:18:34.0562 0456 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:34.0589 0456 WUDFRd - ok
15:18:34.0666 0456 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:18:34.0692 0456 wudfsvc - ok
15:18:34.0759 0456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:18:34.0798 0456 WwanSvc - ok
15:18:34.0802 0456 ================ Scan global ===============================
15:18:34.0835 0456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:18:34.0868 0456 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:18:34.0877 0456 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:18:34.0920 0456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:18:34.0979 0456 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:18:34.0982 0456 [Global] - ok
15:18:34.0993 0456 ================ Scan MBR ==================================
15:18:35.0040 0456 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:18:35.0600 0456 \Device\Harddisk0\DR0 - ok
15:18:35.0600 0456 ================ Scan VBR ==================================
15:18:35.0603 0456 [ 27DE197C4D42A01AF35CF7B7DA8382B1 ] \Device\Harddisk0\DR0\Partition1
15:18:35.0606 0456 \Device\Harddisk0\DR0\Partition1 - ok
15:18:35.0680 0456 [ A633D9381582CADEB5726B4B33CE8AFD ] \Device\Harddisk0\DR0\Partition2
15:18:35.0682 0456 \Device\Harddisk0\DR0\Partition2 - ok
15:18:35.0698 0456 ============================================================
15:18:35.0698 0456 Scan finished
15:18:35.0698 0456 ============================================================
15:18:35.0859 6652 Detected object count: 0
15:18:35.0859 6652 Actual detected object count: 0

Alt 28.03.2013, 19:20   #10
markusg
/// Malware-holic
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



sorry war im urlaub, und dann krank
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.04.2013, 20:30   #11
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-04-06.02 - ASUS 07.04.2013  21:17:18.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4398 [GMT 2:00]
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BRowsE2soave
c:\programdata\BRowsE2soave\515d90e3ac165.dll
c:\programdata\BRowsE2soave\515d90e3ac165.tlb
c:\programdata\BRowsE2soave\settings.ini
c:\windows\msvcr71.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-07 bis 2013-04-07  ))))))))))))))))))))))))))))))
.
.
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-04 14:42 . 2013-04-04 14:42	--------	d-----w-	c:\programdata\SoftSafe
2013-04-04 14:41 . 2013-04-04 14:43	--------	d-----w-	c:\users\ASUS\AppData\Roaming\Systweak
2013-04-04 14:41 . 2013-01-01 16:32	20488	----a-w-	c:\windows\system32\roboot64.exe
2013-04-04 14:41 . 2013-04-04 14:41	--------	d-----w-	c:\program files (x86)\BrowseToSave
2013-04-04 14:40 . 2013-04-04 14:42	--------	d-----w-	c:\programdata\InstallMate
2013-03-28 05:32 . 2013-03-28 05:31	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 05:32 . 2013-03-28 05:31	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 05:32 . 2013-03-28 05:31	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-25 22:56 . 2013-03-25 22:56	--------	d-----w-	c:\users\ASUS\AppData\Local\SkypeWebPlugin
2013-03-25 22:56 . 2013-03-25 22:56	--------	d-----w-	c:\program files (x86)\SkypeWebPlugin
2013-03-21 00:27 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-19 09:25 . 2013-03-19 09:25	--------	d-----w-	C:\found.000
2013-03-14 12:32 . 2013-03-14 12:32	--------	d-----w-	C:\_OTL
2013-03-14 12:31 . 2013-03-14 12:31	--------	d-----w-	c:\users\ASUS\AppData\Roaming\eDownload
2013-03-14 10:38 . 2013-02-02 06:43	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-03-12 11:28 . 2013-03-12 11:28	--------	d-----w-	c:\users\ASUS\AppData\Local\Samsung
2013-03-12 11:28 . 2013-03-12 11:28	--------	d-----w-	c:\users\ASUS\AppData\Roaming\Samsung
2013-03-12 11:20 . 2013-03-12 11:20	--------	d-----w-	c:\program files (x86)\MyFree Codec
2013-03-12 11:17 . 2013-02-05 16:53	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2013-03-12 11:17 . 2013-02-05 16:52	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2013-03-12 11:16 . 2013-03-12 11:24	--------	d-----w-	c:\program files (x86)\Samsung
2013-03-12 11:16 . 2013-03-12 11:24	--------	d-----w-	c:\programdata\Samsung
2013-03-12 11:07 . 2013-03-12 11:07	--------	d-----w-	c:\users\ASUS\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-07 13:03 . 2012-11-27 09:34	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-03-14 10:40 . 2013-03-07 08:07	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 16:54 . 2013-01-08 08:39	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:54 . 2013-01-08 08:39	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-07 08:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-03-07 08:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-03-07 07:05 . 2013-03-07 07:05	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 07:05 . 2012-12-02 09:19	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-07 07:05 . 2012-12-02 09:19	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 13:12	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:12	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:12	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:12	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:12	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:12	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-09 12:37 . 2013-02-09 12:37	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-06 06:42 . 2013-02-06 06:42	203544	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-02-06 06:42 . 2013-02-06 06:42	102936	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-02-05 16:52 . 2013-02-05 16:52	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-03-10 22:38	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]
"DAEMON Tools Lite"="c:\users\ASUS\Desktop\Ahmet\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Akamai NetSession Interface"="c:\users\ASUS\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Browser Infrastructure Helper"="c:\users\ASUS\AppData\Local\Smartbar\Application\SnapDo.exe" [2013-03-06 20992]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-10 1644680]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-31 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-30 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-09 283200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-28 565472]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 11:12	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 16:54]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 09:16]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 09:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-30 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-30 2188904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=hp&installDate=01/01/1970
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE: Free YouTube to MP3 Converter - c:\users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-1ClickDownload - c:\program files (x86)\hdvidcodec.com\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-07  21:24:31
ComboFix-quarantined-files.txt  2013-04-07 19:24
.
Vor Suchlauf: 12 Verzeichnis(se), 103.257.030.656 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 102.782.550.016 Bytes frei
.
- - End Of File - - 356206792EB8D9C18292345F271E4690
         
--- --- ---

Alt 11.04.2013, 17:33   #12
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-04-06.02 - ASUS 07.04.2013  21:17:18.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4398 [GMT 2:00]
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BRowsE2soave
c:\programdata\BRowsE2soave\515d90e3ac165.dll
c:\programdata\BRowsE2soave\515d90e3ac165.tlb
c:\programdata\BRowsE2soave\settings.ini
c:\windows\msvcr71.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-07 bis 2013-04-07  ))))))))))))))))))))))))))))))
.
.
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-04-07 19:22 . 2013-04-07 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-04 14:42 . 2013-04-04 14:42	--------	d-----w-	c:\programdata\SoftSafe
2013-04-04 14:41 . 2013-04-04 14:43	--------	d-----w-	c:\users\ASUS\AppData\Roaming\Systweak
2013-04-04 14:41 . 2013-01-01 16:32	20488	----a-w-	c:\windows\system32\roboot64.exe
2013-04-04 14:41 . 2013-04-04 14:41	--------	d-----w-	c:\program files (x86)\BrowseToSave
2013-04-04 14:40 . 2013-04-04 14:42	--------	d-----w-	c:\programdata\InstallMate
2013-03-28 05:32 . 2013-03-28 05:31	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 05:32 . 2013-03-28 05:31	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 05:32 . 2013-03-28 05:31	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-25 22:56 . 2013-03-25 22:56	--------	d-----w-	c:\users\ASUS\AppData\Local\SkypeWebPlugin
2013-03-25 22:56 . 2013-03-25 22:56	--------	d-----w-	c:\program files (x86)\SkypeWebPlugin
2013-03-21 00:27 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-19 09:25 . 2013-03-19 09:25	--------	d-----w-	C:\found.000
2013-03-14 12:32 . 2013-03-14 12:32	--------	d-----w-	C:\_OTL
2013-03-14 12:31 . 2013-03-14 12:31	--------	d-----w-	c:\users\ASUS\AppData\Roaming\eDownload
2013-03-14 10:38 . 2013-02-02 06:43	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-03-12 11:28 . 2013-03-12 11:28	--------	d-----w-	c:\users\ASUS\AppData\Local\Samsung
2013-03-12 11:28 . 2013-03-12 11:28	--------	d-----w-	c:\users\ASUS\AppData\Roaming\Samsung
2013-03-12 11:20 . 2013-03-12 11:20	--------	d-----w-	c:\program files (x86)\MyFree Codec
2013-03-12 11:17 . 2013-02-05 16:53	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2013-03-12 11:17 . 2013-02-05 16:52	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2013-03-12 11:16 . 2013-03-12 11:24	--------	d-----w-	c:\program files (x86)\Samsung
2013-03-12 11:16 . 2013-03-12 11:24	--------	d-----w-	c:\programdata\Samsung
2013-03-12 11:07 . 2013-03-12 11:07	--------	d-----w-	c:\users\ASUS\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-07 13:03 . 2012-11-27 09:34	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-03-14 10:40 . 2013-03-07 08:07	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 16:54 . 2013-01-08 08:39	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:54 . 2013-01-08 08:39	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-07 08:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-03-07 08:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-03-07 07:05 . 2013-03-07 07:05	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 07:05 . 2012-12-02 09:19	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-07 07:05 . 2012-12-02 09:19	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 13:12	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:12	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:12	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:12	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:12	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:12	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-09 12:37 . 2013-02-09 12:37	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-06 06:42 . 2013-02-06 06:42	203544	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-02-06 06:42 . 2013-02-06 06:42	102936	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-02-05 16:52 . 2013-02-05 16:52	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-03-10 22:38	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]
"DAEMON Tools Lite"="c:\users\ASUS\Desktop\Ahmet\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Akamai NetSession Interface"="c:\users\ASUS\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Browser Infrastructure Helper"="c:\users\ASUS\AppData\Local\Smartbar\Application\SnapDo.exe" [2013-03-06 20992]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-10 1644680]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-31 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-30 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-09 283200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-28 565472]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 11:12	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 16:54]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 09:16]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 09:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-30 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-30 2188904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=hp&installDate=01/01/1970
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=069eb989-c345-4ecb-82a5-db29749c056a&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE: Free YouTube to MP3 Converter - c:\users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-1ClickDownload - c:\program files (x86)\hdvidcodec.com\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-07  21:24:31
ComboFix-quarantined-files.txt  2013-04-07 19:24
.
Vor Suchlauf: 12 Verzeichnis(se), 103.257.030.656 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 102.782.550.016 Bytes frei
.
- - End Of File - - 356206792EB8D9C18292345F271E4690
         
--- --- ---

Alt 21.04.2013, 18:20   #13
Ahmet
 
Snap.Do Trojaner! Wie entferne ich Snap.Do? - Standard

Snap.Do Trojaner! Wie entferne ich Snap.Do?



hallo?

Antwort

Themen zu Snap.Do Trojaner! Wie entferne ich Snap.Do?
administrator, anti-malware, autostart, board, brauche, browser, bösartige, dateien, entferne, explorer, malwarebytes, minute, namens, objekte, quick, registrierung, scan, speicher, test, troja, trojaner, trojaner board, version, verzeichnisse



Ähnliche Themen: Snap.Do Trojaner! Wie entferne ich Snap.Do?


  1. Kann Snap.do & Snap.do engine gar nicht deinstallieren?
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (3)
  2. Snap.do / Snap.do engine entdeckt
    Log-Analyse und Auswertung - 23.05.2015 (9)
  3. Trojaner snap.do
    Plagegeister aller Art und deren Bekämpfung - 04.04.2014 (8)
  4. Snap.Do
    Log-Analyse und Auswertung - 17.12.2013 (15)
  5. wie entferne ich " snap.Do " von meinem PC, Deinstallation bisher erfolglos
    Log-Analyse und Auswertung - 19.11.2013 (3)
  6. Über Gefahren eines Trojaners diskutieren? Trojaner = snap.do
    Lob, Kritik und Wünsche - 06.10.2013 (1)
  7. Windows 7: Snap-do und div. Trojaner/Viren eingefangen , Avira und Malwarebytes-Funde
    Log-Analyse und Auswertung - 03.10.2013 (12)
  8. Windows 8, 64 Bit: Wie entferne ich LyricsContainer, snap do u.a. müll & Falschmeldungen?
    Log-Analyse und Auswertung - 06.09.2013 (7)
  9. Wie entferne ich Snap.Do?
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (3)
  10. Snap.do Trojaner lässt sich nicht auf herkömmliche Weise entfernen
    Log-Analyse und Auswertung - 15.07.2013 (27)
  11. snap.do
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (7)
  12. snap.do
    Log-Analyse und Auswertung - 11.06.2013 (35)
  13. snap.do
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (18)
  14. Snap.do Trojaner
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (23)
  15. "search.snap.do" als Startseite und "Snap.Do" auf Symbolleiste
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (37)
  16. Snap.do-Trojaner gefunden
    Log-Analyse und Auswertung - 23.12.2012 (11)
  17. snap do-Trojaner
    Log-Analyse und Auswertung - 23.10.2012 (6)

Zum Thema Snap.Do Trojaner! Wie entferne ich Snap.Do? - Hey, in letzter zeit wurde mein Chrom Browser immer wieder von einem Program/trojaner namens Snap.do übernommen. Ich habe danach gegoogelt und habe rausgefunden das es wohl ein Trojaner ist, jedoch - Snap.Do Trojaner! Wie entferne ich Snap.Do?...
Archiv
Du betrachtest: Snap.Do Trojaner! Wie entferne ich Snap.Do? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.