Netbook Backdoor versucht, Passwörter gehackt!

donniedarko · 14.05.2012, 09:24

Hallo Leute,
Gestern bekamen ein paar Leute von mir eine Spammail von meinem GMX-Account inkl. Virus.
Ich vermute ich hab mir irgendwas eingefangen.

Ich hoffe ihr könnt mich weiterhelfen.

Code:

ATTFilter

Malwarebytes:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.13.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-EEEPC [Administrator]

Schutz: Aktiviert

14.05.2012 00:58:21
mbam-log-2012-05-14 (00-58-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200770
Laufzeit: 22 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Marcus\AppData\Local\Temp\is-BSUII.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/14/2012 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free
1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012/05/06 11:40:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/06 11:40:42 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/18 09:26:14 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 11:40:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/05 15:38:12 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 19:03:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj77l0wd)
DRV - [2012/05/14 09:50:59 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\weckg.sys -- (jdwrp)
DRV - [2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/05 15:38:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/05 15:38:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/10 18:02:47 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 09:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [1999/03/06 13:38:28 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASUSHWIO.SYS -- (asushwio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\..\SearchScopes,DefaultScope = {CFB29CFD-38CD-45DA-8D09-B824417EEEB1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{CFB29CFD-38CD-45DA-8D09-B824417EEEB1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 16:42:08 | 000,000,000 | ---D | M]
 
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/05/02 20:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 18:34:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/15 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/30 18:34:26 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/08/23 21:08:26 | 000,025,939 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012/05/06 11:40:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 23:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/21 11:14:26 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 21:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 21:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 21:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/10/06 21:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 21:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 21:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON BX305 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A020C8-05B7-4AAD-B2AC-EB300F9D73D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60F15E-2C5D-436D-80C2-6B3D7392C60A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 01:01:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012/05/14 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 00:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 00:56:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/14 00:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 00:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 00:34:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/14 00:11:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/05/14 00:08:16 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/05/13 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Avira
[2012/05/08 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2012/05/08 16:32:14 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/05/06 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/05/03 11:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/05/03 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/05/03 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/05/03 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012/05/03 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/21 13:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 09:50:59 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\weckg.sys
[2012/05/14 09:30:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:04:17 | 000,002,413 | ---- | M] () -- C:\windows\System32\lgAxconfig.ini
[2012/05/13 20:29:09 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 20:04:59 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/13 19:52:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 12:18:24 | 000,440,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/11 11:30:03 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/11 11:30:03 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 11:30:03 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/11 11:30:03 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 14:58:41 | 000,000,008 | ---- | M] () -- C:\windows\System32\ctsn32.dll
[2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\windows\System32\drivers\CESG502.SYS
[2012/05/08 16:34:43 | 000,000,008 | ---- | M] () -- C:\windows\System32\tcdl2.dll
[2012/05/03 11:09:05 | 000,000,308 | ---- | M] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/14 09:50:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\weckg.sys
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\tcdl2.dll
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\ctsn32.dll
[2012/05/03 11:08:34 | 000,000,308 | ---- | C] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/30 21:54:11 | 000,038,428 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/01/30 21:54:06 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/11 20:01:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2011/08/11 20:01:15 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2011/07/05 16:46:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/05/25 22:22:57 | 000,038,422 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011/02/18 12:42:06 | 000,007,607 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2011/01/11 13:32:05 | 000,008,192 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 22:30:01 | 000,111,104 | ---- | C] () -- C:\windows\System32\Uharc.exe
[2011/01/03 22:30:01 | 000,008,636 | ---- | C] () -- C:\windows\System32\modifype.exe
[2010/12/29 08:43:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/28 19:50:41 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/28 19:34:48 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/28 19:34:48 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010/06/24 18:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 18:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 18:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 18:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 18:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
 
========== LOP Check ==========
 
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2012/04/26 12:51:08 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/06/23 22:21:29 | 001,048,576 | -H-- | M] () -- C:\CAPTURE.AVI
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | -H-- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | -H-- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | -H-- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | -H-- | M] () -- C:\globdata.ini
[2012/05/13 19:51:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | -H-- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | -H-- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | -H-- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | -H-- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/05/13 19:51:58 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2010/12/28 19:35:33 | 000,002,119 | -H-- | M] () -- C:\RHDSetup.log
[2007/11/07 09:00:40 | 000,005,686 | -H-- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | -H-- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | -H-- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 19:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/14 03:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 03:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009/07/10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\windows\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\windows\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\windows\system32\ws2help.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-13 22:42:36
 
<           >

< End of report >

--- --- ---
[/code]

Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 5/14/2012 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 235.43 Mb Available Physical Memory | 23.21% Memory free
1.99 Gb Paging File | 0.73 Gb Available in Paging File | 36.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.94 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.59 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C41E75-88D4-45A6-B4F2-0E75A36617AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A3885C6-B8A6-46A9-8A49-A9C913D8D1F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1330C376-17AA-432C-8F13-75129C37C549}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{17575CF3-DCBB-4B3C-9A95-0CAAFBFBA718}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{18EF1DE9-896F-4C13-BBB2-2FD990AFDCBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B65B3BA-7F73-459C-998F-A94774088207}" = rport=137 | protocol=17 | dir=out | app=system | 
"{230E1CA9-C97D-4E4E-86FC-3AE1C46DBCAC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2573D109-4EEE-4BBD-B95E-E049E6E29A5B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2CE5D76A-BBC1-4835-B6AA-85C8465CD1ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{392CEE02-A3EE-430D-AA5E-FEC1B1AC8A20}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3D2411A3-868D-47C5-90A6-9D2452A35706}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F7DF836-7684-4D97-89F6-78DC410743D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{416E336B-CA6B-4866-A9E7-F2F9463CB92A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47EFD8EF-7C41-4BF0-8E35-ECA7EB990F0C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4FE3A40A-D7AE-4C16-B2FE-DBE2DC482CCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53CC27A5-7396-4F92-A872-228029B1C1C5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{56764840-778A-49A1-940E-F0E22806E862}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FF7322A-5A9C-4296-A343-1E6319BC0D92}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6357E87C-F789-4C79-8717-DE4D2635A231}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{63678C75-EF5D-40AA-91A6-7D4908264E0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6ED2F8F2-DED5-43E1-927E-B14EF954791B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{784A2AC3-DA31-4BE6-B9BC-5368B524765A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7D79EC28-4392-4E85-8DC9-AAEA15026FD2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{811AD7F3-5434-437B-88D4-61508F96512D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82550C39-611F-4519-8DA1-D29AA4BFB658}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{88583089-283B-4E85-8649-BBDCF9E43793}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{966438D6-71B9-49C0-9CC4-F32770150E06}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9B41D560-72DB-4D83-9C3B-0485D273F16E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B85B4608-D475-400A-A335-8F84A9F8A8B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BF6DE93D-B6E6-4AC2-BC7B-3A37573DB46C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C8664489-5B02-42E0-AC8C-31ED06321294}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{CEB565F7-7750-4A66-8714-7D5ACFD4CE49}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D21DE822-AAAE-45EE-B6BC-AA2027D4ACA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2FCAD9D-23BD-44CF-A02B-FDAC911457FF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E5A7DEB9-2B0E-41CE-B198-5EC29EC83035}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7B47B63-6EE5-4AD0-8B66-036FB615B724}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F602AA5A-9828-4584-BB02-8948F29BFA0E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F753DDFC-EAAB-4272-8BF6-1DC4937CD540}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F9A1924E-2E2C-4B12-9C38-FE312487534B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FAE8E498-C4F3-4DBC-9064-944A21A93197}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E475C57-8585-472D-BADF-FE72DC43C448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FEB2207-1BE1-49E8-843F-1C0D6CEBBFFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{342C8B45-BD45-40A0-B166-BD3E067062AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{49FEA0A5-7FAB-4C8C-98B0-CE40E3FDEFC3}" = protocol=6 | dir=out | app=system | 
"{55A014B2-68E5-4B69-91AA-135CEB947963}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{55AA8E81-F9D7-4431-BB12-118C9E16BF45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A01866C-A772-478D-AAC7-C754D9D1C513}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{64477760-F130-470A-8F09-35DCDAEFB2ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{65051865-47BB-4C5E-8F2E-3485B16BAEFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F89B273-26E0-43FF-B924-D4F5761F8393}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89698982-724C-45EA-8186-3693E616C9CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B3C7334-C42A-4029-A1EA-73308CF3C6D4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{939CC37C-7F7E-4824-995B-DF81210A0FC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D1B0EBC-C2CB-46E6-8576-AE5AAD58E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6F84EA7-FF24-4DC3-9087-6623280BFFC7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B082068D-34B8-4FD3-9FCD-BD517288EF4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B9F4398E-5838-4F8F-80F0-BBFE0FE9F248}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C24DD7FB-FA09-4AE0-AE1D-FF66007954F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3ACD4FA-2D1D-428C-9798-4DB4F3C97787}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C43D9277-9DBE-4639-ABF5-2206458E6D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C45DE543-9306-4E69-8F1C-0755B96BFCA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8919642-0D80-4741-9440-E2D305A93A85}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CD470C28-CA75-4C58-8E07-405C8EB9064F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D3CDA400-6707-4CA6-B383-6E9F834DBB41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA02A00A-846B-4AE9-908F-B16841D798B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DC414A8B-63B8-4A39-A388-00EDB2E7682F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E73A3FAA-D35F-4948-94CE-8E7DA24C3D56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FC14CFF0-4FC2-45FC-B0DE-6D2698E2600E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD0CD60E-7F14-4E38-88B2-47D316D2E37A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{03EBD576-41F9-43D6-AE24-70B656C175CE}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{162B4EC8-0394-4D12-9D1C-0E2FB1933EE6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{18CEC996-03D4-4383-BD88-6BC3EE19F6D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{275E3436-6C4B-423A-B829-40765C995B18}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{809DE0E3-9150-4FBA-A30A-A6EE75641A59}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{99702156-AF2F-4092-835F-8799A2D8862B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B31CE671-A378-46BA-94F5-FA9F35564CC3}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe | 
"TCP Query User{E90CA908-A45B-41FF-AA5B-754ACB383AC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{173A96C5-CF84-44D2-8A33-A3C71FAB64CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4836255E-4AB0-4596-95DE-8EFC1342CC33}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6EC2220A-4248-4A1A-A9AA-CCD5172BFA76}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BFC476AD-4873-40F2-B749-043C8989C2F0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{D7162B56-CCBC-4E63-97ED-E1D09AB18E87}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{D7ED3ADA-C3F9-4EE7-AA75-144629B7CDED}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{E442430F-848B-4292-AB0F-6D137D272B00}C:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\marcus\desktop\cryptload 1.1.8\cryptload1.1.8\routerclient.exe | 
"UDP Query User{F95F63C0-C463-4E79-A143-467FF4A01E72}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{14757070-5AE3-434C-9880-8F571E5C0FCB}" = Anti-reCAPTCHA v3.02 JD
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53FB84B2-23CC-47BE-903F-EC1841459509}" = Program-Link FA-CP1 (Single License)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{71F205E9-C01C-47C5-B029-8AAC14AF03F1}" = ClassPad Manager v3  (30 Day Trial)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC984DA1-8718-4557-BAB6-947718C454DF}" = PDF-XChange Viewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 6.94.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.14
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Mail Converter_is1" = TotalMailConverter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/19/2012 7:40:51 AM | Computer Name = Marcus-EeePC | Source = Application Hang | ID = 1002
Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1360    Startzeit: 01cd1e211c183208    Endzeit: 17    Anwendungspfad: 
C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe

Berichts-ID:
 800317cc-8a14-11e1-bc8b-20cf3052a631  
 
Error - 4/19/2012 7:42:27 AM | Computer Name = Marcus-EeePC | Source = Application Hang | ID = 1002
Description = Programm SuperOneClick.exe, Version 2.3.3.0 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 128c    Startzeit: 01cd1e21473cfc71    Endzeit: 25    Anwendungspfad: 
C:\Users\Marcus\Desktop\P970 Mod\SuperOneClickv2.3.3-ShortFuse\SuperOneClick.exe

Berichts-ID:
 b2024975-8a14-11e1-bc8b-20cf3052a631  
 
Error - 4/20/2012 6:03:57 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6e8042ff
ID
 des fehlerhaften Prozesses: 0xbc0  Startzeit der fehlerhaften Anwendung: 0x01cd1edcbb2bcfa7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: 246acacb-8ad0-11e1-bcd4-20cf3052a631
 
Error - 4/21/2012 4:25:14 PM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6e9f42ff
ID
 des fehlerhaften Prozesses: 0xbb0  Startzeit der fehlerhaften Anwendung: 0x01cd1ffca777c598
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: 19777476-8bf0-11e1-bc36-20cf3052a631
 
Error - 4/24/2012 7:30:20 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x720042ff
ID
 des fehlerhaften Prozesses: 0x910  Startzeit der fehlerhaften Anwendung: 0x01cd220d67e40653
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: df3c408b-8e00-11e1-bc70-20cf3052a631
 
Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2
Description = 
 
Error - 5/3/2012 4:42:22 AM | Computer Name = Marcus-EeePC | Source = RpcNs | ID = 2
Description = 
 
Error - 5/3/2012 4:53:15 AM | Computer Name = Marcus-EeePC | Source = VSS | ID = 8194
Description = 
 
Error - 5/3/2012 5:08:27 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 16.0.0.400, Zeitstempel: 0x4ab84bb7  Name des fehlerhaften Moduls: ISSetup.dll, Version:
 16.0.0.400, Zeitstempel: 0x4ab84b70  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a7a6f
ID
 des fehlerhaften Prozesses: 0x1510  Startzeit der fehlerhaften Anwendung: 0x01cd290c4176ea8d
Pfad
 der fehlerhaften Anwendung: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\setup.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Marcus\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll
Berichtskennung:
 8af027a9-94ff-11e1-9883-20cf3052a631
 
Error - 5/6/2012 4:59:51 AM | Computer Name = Marcus-EeePC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ONENOTEM.EXE, Version: 12.0.6500.5000,
 Zeitstempel: 0x49a6b036  Name des fehlerhaften Moduls: rapi.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x465eef68  Ausnahmecode: 0xc0000005  Fehleroffset: 0x703442ff
ID
 des fehlerhaften Prozesses: 0xbec  Startzeit der fehlerhaften Anwendung: 0x01cd2b6663e983c8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Pfad
 des fehlerhaften Moduls: rapi.dll  Berichtskennung: d68f7761-9759-11e1-bc2b-20cf3052a631
 
[ System Events ]
Error - 3/11/2012 11:17:36 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" ist 
vom Dienst "Windows Mobile-basierte Geräteverbindungen" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1053
 
Error - 3/11/2012 12:50:06 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Mobile-basierte Geräteverbindungen erreicht.
 
Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10005
Description = 
 
Error - 3/11/2012 12:50:08 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 3/11/2012 4:11:44 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description = 
 
Error - 3/11/2012 6:24:18 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description = 
 
Error - 3/11/2012 6:38:30 PM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 3/11/2012 6:38:34 PM | Computer Name = Marcus-EeePC | Source = DCOM | ID = 10010
Description = 
 
Error - 3/14/2012 11:47:27 AM | Computer Name = Marcus-EeePC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 3/20/2012 4:34:11 AM | Computer Name = Marcus-EeePC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >

--- --- ---
[/code]

cosinus · 14.05.2012, 11:03

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

donniedarko · 14.05.2012, 18:17

So also nun die Logs.

Malwarebytes Kompletttest:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-EEEPC [Administrator]

Schutz: Aktiviert

14.05.2012 12:07:39
mbam-log-2012-05-14 (13-50-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351092
Laufzeit: 1 Stunde(n), 15 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\4Sync_1.0.2.exe (PUP.BundleInstaller.4S) -> Keine Aktion durchgeführt.
D:\Firefox\SoftonicDownloader_fuer_opera-mini.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

Quarantäne wurde gelöscht!

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d7d4d7fa07d1ad468a3591802b8520e9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 04:50:06
# local_time=2012-05-14 06:50:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 685 685 0 0
# compatibility_mode=5893 16776573 100 94 1608 88629201 0 0
# compatibility_mode=8192 67108863 100 0 561 561 0 0
# scanned=164114
# found=11
# cleaned=0
# scan_time=16198
C:\$Recycle.Bin\S-1-5-21-1144298715-4213825143-681980742-1000\$R3LXFZF\psneuter	Android/Exploit.Lotoor.AK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marcus\Desktop\Documents\P970 Mod\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter	Android/Exploit.Lotoor.AK trojan (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\coretemp_1236.exe	a variant of Win32/InstallIQ application (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader18679.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_mario-kart-360.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_pontifex.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_snow-transformation-pack(2).exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader_fuer_snow-transformation-pack.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\Firefox\Setup_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
D:\Firefox\YouTubeDownloaderSetup33.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

cosinus · 14.05.2012, 18:35

Zitat:

C:\$Recycle.Bin\S-1-5-21-1144298715-4213825143-681980742-1000\$R3LXFZF\psneuter Android/Exploit.Lotoor.AK

Wieso spielst du mit riskantem Zeug rum?

Zitat:

D:\Externe\Fotos\SAVE\Firefox\SoftonicDownloader

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

donniedarko · 14.05.2012, 18:38

Also das erste scheint vom Flashen meines smartphones zu sein.
Das zweite ist ein Ordner mit Datein vom Laptop meiner Freundin, die Datein haben wir rüber kopiert bevor wir ihr System neu aufgesetzt haben.

Ist mein System nun sauber?

cosinus · 14.05.2012, 19:04

Wir haben gerade die ersten Logs erstellt, so schnell geht das nicht eine Aussage zu treffen!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

donniedarko · 14.05.2012, 19:07

Ich hab weder Systemeinschränkungen noch fehlt etwas im Startmenü.
Schon mal vielen Dank.

cosinus · 14.05.2012, 19:07

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

donniedarko · 14.05.2012, 20:18

so hier nun die log von otl

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/14/2012 8:36:56 PM - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Marcus\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 294.05 Mb Available Physical Memory | 28.99% Memory free
1.99 Gb Paging File | 0.91 Gb Available in Paging File | 45.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 15.20 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 13.50 Gb Free Space | 24.99% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-EEEPC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2012/05/03 10:36:58 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGJE.EXE
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/06/09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 04:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 04:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/01/29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/04/23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/09/07 18:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2006/11/30 16:03:48 | 000,434,688 | ---- | M] () -- C:\Program Files\TotalMailConverter\axTotalConverter.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 11:40:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 10:36:59 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2012/05/03 10:36:59 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/07 18:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj9uwzjx)
DRV - [2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CESG502.SYS -- (PVUSB)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/10 18:02:47 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 16:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 04:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 04:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 09:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com/ [binary data]
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes,DefaultScope = {CFB29CFD-38CD-45DA-8D09-B824417EEEB1}
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\SearchScopes\{CFB29CFD-38CD-45DA-8D09-B824417EEEB1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 11:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 16:42:08 | 000,000,000 | ---D | M]
 
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/05/02 20:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 18:34:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/15 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/30 18:34:26 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011/08/23 21:08:26 | 000,025,939 | ---- | M] () (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX2Z6ZWQ.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
[2012/05/06 11:40:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 23:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/21 11:14:26 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 21:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 21:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 21:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011/10/06 21:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/06 21:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 21:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000..\Run: [EPSON BX305 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A020C8-05B7-4AAD-B2AC-EB300F9D73D4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE60F15E-2C5D-436D-80C2-6B3D7392C60A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig - StartUpReg: LG LinkAir - hkey= - key= -  File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 14:17:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Avira
[2012/05/14 14:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/14 14:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/14 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/14 14:09:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Marcus\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 14:09:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/14 14:09:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/14 14:09:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/14 14:09:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/14 14:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/14 14:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/14 01:01:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:56:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2012/05/14 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 00:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 00:56:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/14 00:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 00:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 00:34:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/14 00:11:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/05/14 00:08:16 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/05/08 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CASIO
[2012/05/08 16:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2012/05/08 16:32:14 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/05/06 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/05/03 11:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/05/03 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/05/03 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/05/03 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012/05/03 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/21 13:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 20:30:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 20:29:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:15:44 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 14:15:44 | 000,013,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 14:11:17 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/14 14:09:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Marcus\Desktop\esetsmartinstaller_enu.exe
[2012/05/14 14:07:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/14 14:07:11 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 01:01:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2012/05/14 00:04:17 | 000,002,413 | ---- | M] () -- C:\windows\System32\lgAxconfig.ini
[2012/05/11 12:18:24 | 000,440,496 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/11 11:30:03 | 000,657,676 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/11 11:30:03 | 000,618,912 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/11 11:30:03 | 000,131,016 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/11 11:30:03 | 000,107,232 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 14:58:41 | 000,000,008 | ---- | M] () -- C:\windows\System32\ctsn32.dll
[2012/05/08 16:45:50 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\windows\System32\drivers\CESG502.SYS
[2012/05/08 16:34:43 | 000,000,008 | ---- | M] () -- C:\windows\System32\tcdl2.dll
[2012/05/03 11:09:05 | 000,000,308 | ---- | M] () -- C:\windows\setup.iss
[2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/04/19 13:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:11:17 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\tcdl2.dll
[2012/05/08 16:34:43 | 000,000,008 | ---- | C] () -- C:\windows\System32\ctsn32.dll
[2012/05/03 11:08:34 | 000,000,308 | ---- | C] () -- C:\windows\setup.iss
[2012/04/19 13:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\ADB
[2012/04/19 13:49:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\P970Mod
[2012/04/19 11:46:00 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2012/01/30 21:54:11 | 000,038,428 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/01/30 21:54:06 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/11 20:01:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2011/08/11 20:01:15 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2011/07/05 16:46:03 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/05/25 22:22:57 | 000,038,422 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011/02/18 12:42:06 | 000,007,607 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2011/01/11 13:32:05 | 000,008,192 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 22:30:01 | 000,111,104 | ---- | C] () -- C:\windows\System32\Uharc.exe
[2011/01/03 22:30:01 | 000,008,636 | ---- | C] () -- C:\windows\System32\modifype.exe
[2010/12/29 08:43:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/28 19:50:41 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/28 19:34:48 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/28 19:34:48 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010/06/24 18:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 18:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 18:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 18:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 18:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
 
========== LOP Check ==========
 
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2012/04/26 12:51:08 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/06/24 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Adobe
[2011/02/08 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Amazon
[2012/05/14 14:17:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Avira
[2011/01/21 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Bump Technologies, Inc
[2011/04/06 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CompanionLink
[2011/01/10 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite
[2011/01/28 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/14 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Electronic Arts
[2012/05/03 11:04:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\EPSON
[2012/02/16 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FastCopy
[2011/01/28 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Foxit Software
[2011/05/17 16:36:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FreeFLVConverter
[2011/04/06 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/04/05 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HTC
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Identities
[2010/06/24 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\InstallShield
[2010/06/24 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Macromedia
[2012/05/14 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2011/10/23 22:56:22 | 000,000,000 | --SD | M] -- C:\Users\Marcus\AppData\Roaming\Microsoft
[2011/01/21 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Miranda
[2011/01/03 22:04:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Mozilla
[2011/01/03 23:13:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenOffice.org
[2011/04/06 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Softplicity
[2011/07/21 19:24:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\vlc
[2012/02/29 12:13:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Winamp
[2011/01/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Windows SideBar
[2011/01/03 22:25:14 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/05/08 16:47:13 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe
[2012/05/08 16:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe
[2012/05/08 16:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe
[2010/12/30 21:01:44 | 000,119,808 | R--- | M] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | -H-- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/01/10 18:02:47 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 15.05.2012, 08:50

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2011/01/28 12:33:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\Shell\AutoRun\command - "" = F:\setup.exe -a
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

donniedarko · 15.05.2012, 13:23

Hier das LOG von Fix.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: ffxtlbr@Facemoods.com:1.2.1 removed from extensions.enabledItems
Prefs.js: dealio@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efdfc26e-9f38-4e3f-82b4-2e96e8d1c438&apn_ptnrs=%5EABT&apn_sauid=4914482C-0EF4-4785-B7C7-AE168E5500AC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\dx2z6zwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1144298715-4213825143-681980742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1144298715-4213825143-681980742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1179c5-1cd3-11e0-9ad3-20cf3052a631}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e94df3e-f929-11e0-8c12-20cf3052a631}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc7cedbf-8129-11e0-92d8-20cf3052a631}\ not found.
File F:\setup.exe -a not found.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->Flash cache emptied: 56823 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marcus
->Temp folder emptied: 631788799 bytes
->Temporary Internet Files folder emptied: 21096874 bytes
->Java cache emptied: 908743 bytes
->FireFox cache emptied: 264389899 bytes
->Flash cache emptied: 87208 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 292044110 bytes
RecycleBin emptied: 4998580583 bytes
 
Total Files Cleaned = 5,922.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Marcus
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05152012_140359

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...

donniedarko · 15.05.2012, 21:45

So ComboFix ist auch durch.
[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-15.04 - Marcus 15.05.2012  22:18:47.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1014.399 [GMT 2:00]
ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\windows\system32\ctsn32.dll
c:\windows\system32\service
c:\windows\system32\service\30122010_TIS17_PcDce.log
c:\windows\system32\tcdl2.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-15 bis 2012-05-15  ))))))))))))))))))))))))))))))
.
.
2012-05-15 20:35 . 2012-05-15 20:35	--------	d-----w-	c:\users\Marcus\AppData\Local\temp
2012-05-15 20:35 . 2012-05-15 20:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-15 12:03 . 2012-05-15 12:03	--------	d-----w-	C:\_OTL
2012-05-15 11:26 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C93A629D-C3EC-4D5B-BE9B-328E8B0951C0}\mpengine.dll
2012-05-14 12:17 . 2012-05-14 12:17	--------	d-----w-	c:\users\Marcus\AppData\Roaming\Avira
2012-05-14 12:10 . 2012-05-14 12:10	--------	d-----w-	c:\program files\ESET
2012-05-14 12:10 . 2012-05-14 12:10	--------	d-----w-	c:\users\Default\AppData\Local\AskToolbar
2012-05-14 12:09 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-14 12:09 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 12:09 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-14 12:08 . 2012-05-14 12:11	--------	d-----w-	c:\programdata\Avira
2012-05-14 12:08 . 2012-05-14 12:08	--------	d-----w-	c:\program files\Avira
2012-05-13 22:56 . 2012-05-13 22:56	--------	d-----w-	c:\users\Marcus\AppData\Roaming\Malwarebytes
2012-05-13 22:56 . 2012-05-13 22:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-13 22:56 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-13 22:56 . 2012-05-13 22:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-13 22:11 . 2012-05-13 22:11	--------	d-----w-	c:\windows\system32\SPReview
2012-05-13 22:08 . 2012-05-13 22:08	--------	d-----w-	c:\windows\system32\EventProviders
2012-05-08 14:47 . 2012-05-08 14:47	45056	----a-r-	c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe
2012-05-08 14:47 . 2012-05-08 14:47	45056	----a-r-	c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe
2012-05-08 14:47 . 2012-05-08 14:47	45056	----a-r-	c:\users\Marcus\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe
2012-05-08 14:47 . 2012-05-08 14:56	--------	d-----w-	c:\program files\CASIO
2012-05-08 14:32 . 2012-05-08 14:32	--------	d-----w-	c:\windows\Downloaded Installations
2012-05-06 09:40 . 2012-05-06 09:40	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-06 09:40 . 2012-05-06 09:40	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 09:40 . 2012-05-06 09:40	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-03 09:10 . 2012-05-03 09:10	--------	d-----w-	c:\programdata\UDL
2012-05-03 09:03 . 2012-05-03 09:09	--------	d-----w-	c:\program files\Epson Software
2012-05-03 09:01 . 2012-05-03 09:04	--------	d-----w-	c:\users\Marcus\AppData\Roaming\EPSON
2012-05-03 08:56 . 2002-07-25 15:06	282624	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2012-05-03 08:43 . 2012-05-03 08:36	8192	----a-w-	c:\windows\system32\E_DCINST.DLL
2012-05-03 08:43 . 2012-05-03 08:36	63488	----a-w-	c:\windows\system32\E_FD4BGJE.DLL
2012-05-03 08:40 . 2011-08-09 22:00	341504	----a-w-	c:\windows\system32\esw2ud.dll
2012-05-03 08:40 . 2009-10-15 22:00	132560	----a-w-	c:\windows\system32\esdevapp.exe
2012-05-03 08:40 . 2009-10-15 22:00	12800	----a-w-	c:\windows\system32\escdev.dll
2012-05-03 08:40 . 2012-05-03 08:54	--------	d-----w-	c:\program files\epson
2012-04-19 11:07 . 2010-12-07 12:23	25088	----a-w-	c:\windows\system32\drivers\lgandmodem.sys
2012-04-19 11:07 . 2010-12-07 12:23	20736	----a-w-	c:\windows\system32\drivers\lganddiag.sys
2012-04-19 11:07 . 2010-12-07 12:23	20096	----a-w-	c:\windows\system32\drivers\lgandgps.sys
2012-04-19 11:07 . 2010-12-07 12:22	14336	----a-w-	c:\windows\system32\drivers\lgandbus.sys
2012-04-19 11:07 . 2010-08-02 14:19	25728	----a-w-	c:\windows\system32\drivers\lgandadb.sys
2012-04-19 11:07 . 2012-04-19 11:07	--------	d-----w-	c:\program files\LG Electronics
2012-04-19 08:38 . 2011-07-18 04:01	1419232	----a-w-	c:\windows\system32\wdfcoinstaller01005.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 14:45 . 2007-03-13 07:27	40672	----a-w-	c:\windows\system32\drivers\CESG502.SYS
2012-03-04 18:24 . 2012-03-04 18:24	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-04 18:24 . 2012-03-04 18:24	161792	----a-w-	c:\windows\system32\msls31.dll
2012-03-04 18:24 . 2012-03-04 18:24	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-04 18:24 . 2012-03-04 18:24	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-04 18:24 . 2012-03-04 18:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-04 18:24 . 2012-03-04 18:24	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-04 18:24 . 2012-03-04 18:24	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-03-04 18:24 . 2012-03-04 18:24	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-03-04 18:24 . 2012-03-04 18:24	367104	----a-w-	c:\windows\system32\html.iec
2012-03-04 18:24 . 2012-03-04 18:24	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-04 18:24 . 2012-03-04 18:24	152064	----a-w-	c:\windows\system32\wextract.exe
2012-03-04 18:24 . 2012-03-04 18:24	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-04 18:24 . 2012-03-04 18:24	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-03-04 18:24 . 2012-03-04 18:24	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-03-04 18:24 . 2012-03-04 18:24	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-04 18:24 . 2012-03-04 18:24	11776	----a-w-	c:\windows\system32\mshta.exe
2012-03-04 18:24 . 2012-03-04 18:24	101888	----a-w-	c:\windows\system32\admparse.dll
2012-03-01 05:53 . 2012-04-12 08:19	19312	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-12 08:19	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-12 08:19	158720	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 08:19	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 08:31	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 08:31	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 08:31	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 08:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-23 08:18 . 2011-01-11 05:46	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-06 09:40 . 2011-03-25 10:41	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-12-28 2429]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Marcus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53	404568	----a-w-	c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21	648072	----a-w-	c:\windows\WindowsMobile\wmdc.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2012-05-08 40672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-10 721904]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2012-05-03 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2012-05-03 121856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 65204987
*Deregistered* - 65204987
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 18:24]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
IE: Free YouTube to MP3 Converter - c:\users\Marcus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\dx2z6zwq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
MSConfigStartUp-LG LinkAir - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-UnityWebPlayer - c:\users\Marcus\AppData\Local\Unity\WebPlayer\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-15  22:42:32
ComboFix-quarantined-files.txt  2012-05-15 20:42
.
Vor Suchlauf: 9 Verzeichnis(se), 18.397.224.960 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 18.293.604.352 Bytes frei
.
- - End Of File - - EBFA34042783364B2F129AB5E299AB6F

--- --- ---

cosinus · 15.05.2012, 14:01

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

donniedarko · 15.05.2012, 15:10

Das Log von TDSKiller

Code:

ATTFilter

15:54:34.0119 1020	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
15:54:34.0696 1020	============================================================
15:54:34.0696 1020	Current date / time: 2012/05/15 15:54:34.0696
15:54:34.0696 1020	SystemInfo:
15:54:34.0696 1020	
15:54:34.0696 1020	OS Version: 6.1.7600 ServicePack: 0.0
15:54:34.0696 1020	Product type: Workstation
15:54:34.0696 1020	ComputerName: MARCUS-EEEPC
15:54:34.0696 1020	UserName: Marcus
15:54:34.0696 1020	Windows directory: C:\windows
15:54:34.0696 1020	System windows directory: C:\windows
15:54:34.0696 1020	Processor architecture: Intel x86
15:54:34.0696 1020	Number of processors: 2
15:54:34.0696 1020	Page size: 0x1000
15:54:34.0696 1020	Boot type: Normal boot
15:54:34.0696 1020	============================================================
15:54:36.0084 1020	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:54:36.0100 1020	============================================================
15:54:36.0100 1020	\Device\Harddisk0\DR0:
15:54:36.0100 1020	MBR partitions:
15:54:36.0100 1020	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000800
15:54:36.0100 1020	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBE01000, BlocksNum 0x6C0E800
15:54:36.0100 1020	============================================================
15:54:36.0147 1020	C: <-> \Device\Harddisk0\DR0\Partition0
15:54:36.0209 1020	D: <-> \Device\Harddisk0\DR0\Partition1
15:54:36.0271 1020	============================================================
15:54:36.0271 1020	Initialize success
15:54:36.0271 1020	============================================================
15:54:44.0071 6080	============================================================
15:54:44.0071 6080	Scan started
15:54:44.0071 6080	Mode: Manual; SigCheck; TDLFS; 
15:54:44.0071 6080	============================================================
15:54:45.0959 6080	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
15:54:46.0240 6080	1394ohci - ok
15:54:46.0302 6080	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
15:54:46.0333 6080	ACPI - ok
15:54:46.0411 6080	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
15:54:46.0552 6080	AcpiPmi - ok
15:54:46.0614 6080	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:54:46.0677 6080	adp94xx - ok
15:54:46.0723 6080	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:54:46.0786 6080	adpahci - ok
15:54:46.0817 6080	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:54:46.0864 6080	adpu320 - ok
15:54:46.0895 6080	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:54:47.0035 6080	AeLookupSvc - ok
15:54:47.0129 6080	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
15:54:47.0254 6080	AFD - ok
15:54:47.0285 6080	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
15:54:47.0332 6080	agp440 - ok
15:54:47.0363 6080	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:54:47.0394 6080	aic78xx - ok
15:54:47.0441 6080	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:54:47.0519 6080	ALG - ok
15:54:47.0550 6080	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
15:54:47.0581 6080	aliide - ok
15:54:47.0613 6080	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
15:54:47.0644 6080	amdagp - ok
15:54:47.0659 6080	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
15:54:47.0691 6080	amdide - ok
15:54:47.0737 6080	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:54:47.0800 6080	AmdK8 - ok
15:54:47.0847 6080	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:54:47.0893 6080	AmdPPM - ok
15:54:47.0940 6080	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
15:54:47.0987 6080	amdsata - ok
15:54:48.0018 6080	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:54:48.0065 6080	amdsbs - ok
15:54:48.0081 6080	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
15:54:48.0127 6080	amdxata - ok
15:54:48.0159 6080	Andbus          (3e59df4984fbd6800d6621480b38a34e) C:\windows\system32\DRIVERS\lgandbus.sys
15:54:48.0283 6080	Andbus - ok
15:54:48.0315 6080	AndDiag         (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\windows\system32\DRIVERS\lganddiag.sys
15:54:48.0377 6080	AndDiag - ok
15:54:48.0424 6080	AndGps          (1d2c90e25483363d54b652898bbc8f2a) C:\windows\system32\DRIVERS\lgandgps.sys
15:54:48.0471 6080	AndGps - ok
15:54:48.0502 6080	ANDModem        (b1b06a95da2cac7fa19832c60c348c85) C:\windows\system32\DRIVERS\lgandmodem.sys
15:54:48.0580 6080	ANDModem - ok
15:54:48.0642 6080	androidusb      (54a40a58ff71936026f2e49ecfd487b8) C:\windows\system32\Drivers\lgandadb.sys
15:54:48.0736 6080	androidusb - ok
15:54:48.0923 6080	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:48.0954 6080	AntiVirSchedulerService - ok
15:54:49.0032 6080	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:49.0063 6080	AntiVirService - ok
15:54:49.0126 6080	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:54:49.0173 6080	AntiVirWebService - ok
15:54:49.0251 6080	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
15:54:49.0407 6080	AppID - ok
15:54:49.0438 6080	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:54:49.0672 6080	AppIDSvc - ok
15:54:49.0703 6080	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
15:54:49.0797 6080	Appinfo - ok
15:54:49.0859 6080	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
15:54:49.0921 6080	AppMgmt - ok
15:54:49.0968 6080	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:54:49.0999 6080	arc - ok
15:54:50.0031 6080	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:54:50.0062 6080	arcsas - ok
15:54:50.0124 6080	AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
15:54:50.0202 6080	AsUpIO - ok
15:54:50.0233 6080	AsusService     (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
15:54:50.0265 6080	AsusService ( UnsignedFile.Multi.Generic ) - warning
15:54:50.0265 6080	AsusService - detected UnsignedFile.Multi.Generic (1)
15:54:50.0327 6080	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:54:50.0483 6080	AsyncMac - ok
15:54:50.0530 6080	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
15:54:50.0561 6080	atapi - ok
15:54:50.0670 6080	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
15:54:50.0826 6080	athr - ok
15:54:50.0982 6080	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
15:54:51.0091 6080	AudioEndpointBuilder - ok
15:54:51.0123 6080	Audiosrv        (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
15:54:51.0201 6080	Audiosrv - ok
15:54:51.0294 6080	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:54:51.0341 6080	avgntflt - ok
15:54:51.0388 6080	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:54:51.0435 6080	avipbb - ok
15:54:51.0466 6080	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:54:51.0497 6080	avkmgr - ok
15:54:51.0544 6080	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
15:54:51.0669 6080	AxInstSV - ok
15:54:51.0715 6080	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:54:51.0840 6080	b06bdrv - ok
15:54:51.0887 6080	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:54:51.0949 6080	b57nd60x - ok
15:54:52.0043 6080	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:54:52.0137 6080	BDESVC - ok
15:54:52.0168 6080	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:54:52.0261 6080	Beep - ok
15:54:52.0324 6080	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
15:54:52.0433 6080	BFE - ok
15:54:52.0511 6080	BITS            (53f476476f55a27f580661bde09c4ec4) C:\windows\System32\qmgr.dll
15:54:52.0636 6080	BITS - ok
15:54:52.0683 6080	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:54:52.0745 6080	blbdrive - ok
15:54:52.0776 6080	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
15:54:52.0823 6080	bowser - ok
15:54:52.0854 6080	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:54:52.0901 6080	BrFiltLo - ok
15:54:52.0932 6080	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:54:52.0995 6080	BrFiltUp - ok
15:54:53.0041 6080	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
15:54:53.0119 6080	Browser - ok
15:54:53.0151 6080	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:54:53.0275 6080	Brserid - ok
15:54:53.0322 6080	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:54:53.0385 6080	BrSerWdm - ok
15:54:53.0431 6080	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:54:53.0494 6080	BrUsbMdm - ok
15:54:53.0541 6080	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:54:53.0587 6080	BrUsbSer - ok
15:54:53.0650 6080	BTCFilterService (4813df77ede536a52e3737971f910baa) C:\windows\system32\DRIVERS\motfilt.sys
15:54:53.0759 6080	BTCFilterService - ok
15:54:53.0806 6080	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:54:53.0915 6080	BthEnum - ok
15:54:53.0931 6080	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:54:53.0993 6080	BTHMODEM - ok
15:54:54.0040 6080	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:54:54.0102 6080	BthPan - ok
15:54:54.0180 6080	BTHPORT         (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
15:54:54.0258 6080	BTHPORT - ok
15:54:54.0305 6080	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:54:54.0399 6080	bthserv - ok
15:54:54.0445 6080	BTHUSB          (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
15:54:54.0492 6080	BTHUSB - ok
15:54:54.0523 6080	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
15:54:54.0555 6080	btusbflt - ok
15:54:54.0586 6080	btwaudio - ok
15:54:54.0617 6080	btwavdt - ok
15:54:54.0633 6080	btwl2cap - ok
15:54:54.0648 6080	btwrchid - ok
15:54:54.0695 6080	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:54:54.0789 6080	cdfs - ok
15:54:54.0835 6080	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
15:54:54.0898 6080	cdrom - ok
15:54:54.0945 6080	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
15:54:55.0038 6080	CertPropSvc - ok
15:54:55.0069 6080	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:54:55.0132 6080	circlass - ok
15:54:55.0194 6080	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:54:55.0257 6080	CLFS - ok
15:54:55.0350 6080	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:55.0397 6080	clr_optimization_v2.0.50727_32 - ok
15:54:55.0475 6080	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:55.0522 6080	clr_optimization_v4.0.30319_32 - ok
15:54:55.0537 6080	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:54:55.0600 6080	CmBatt - ok
15:54:55.0615 6080	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
15:54:55.0662 6080	cmdide - ok
15:54:55.0725 6080	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
15:54:55.0849 6080	CNG - ok
15:54:55.0881 6080	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:54:55.0912 6080	Compbatt - ok
15:54:55.0943 6080	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
15:54:55.0974 6080	CompositeBus - ok
15:54:56.0005 6080	COMSysApp - ok
15:54:56.0037 6080	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:54:56.0068 6080	crcdisk - ok
15:54:56.0130 6080	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll
15:54:56.0239 6080	CryptSvc - ok
15:54:56.0302 6080	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
15:54:56.0380 6080	CSC - ok
15:54:56.0442 6080	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\windows\System32\cscsvc.dll
15:54:56.0536 6080	CscService - ok
15:54:56.0598 6080	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
15:54:56.0723 6080	DcomLaunch - ok
15:54:56.0785 6080	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:54:56.0895 6080	defragsvc - ok
15:54:56.0973 6080	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
15:54:57.0066 6080	DfsC - ok
15:54:57.0129 6080	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
15:54:57.0238 6080	Dhcp - ok
15:54:57.0269 6080	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:54:57.0363 6080	discache - ok
15:54:57.0409 6080	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:54:57.0441 6080	Disk - ok
15:54:57.0487 6080	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
15:54:57.0565 6080	Dnscache - ok
15:54:57.0628 6080	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
15:54:57.0753 6080	dot3svc - ok
15:54:57.0784 6080	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
15:54:57.0877 6080	DPS - ok
15:54:57.0924 6080	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:54:57.0971 6080	drmkaud - ok
15:54:58.0049 6080	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
15:54:58.0143 6080	DXGKrnl - ok
15:54:58.0189 6080	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:54:58.0283 6080	EapHost - ok
15:54:58.0486 6080	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:54:58.0673 6080	ebdrv - ok
15:54:58.0782 6080	EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
15:54:58.0891 6080	EFS - ok
15:54:59.0001 6080	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\windows\ehome\ehRecvr.exe
15:54:59.0110 6080	ehRecvr - ok
15:54:59.0157 6080	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:54:59.0250 6080	ehSched - ok
15:54:59.0344 6080	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:54:59.0422 6080	elxstor - ok
15:54:59.0515 6080	EPSON_EB_RPCV4_04 (b92f2b3247f0a99490c1298a1d3d7b4c) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
15:54:59.0562 6080	EPSON_EB_RPCV4_04 - ok
15:54:59.0609 6080	EPSON_PM_RPCV4_04 (651336b99c75fb54e4b5971cf458f9bd) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
15:54:59.0640 6080	EPSON_PM_RPCV4_04 - ok
15:54:59.0656 6080	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
15:54:59.0718 6080	ErrDev - ok
15:54:59.0812 6080	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:54:59.0921 6080	EventSystem - ok
15:54:59.0968 6080	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:55:00.0046 6080	exfat - ok
15:55:00.0093 6080	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:55:00.0186 6080	fastfat - ok
15:55:00.0264 6080	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
15:55:00.0389 6080	Fax - ok
15:55:00.0420 6080	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:55:00.0483 6080	fdc - ok
15:55:00.0514 6080	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:55:00.0607 6080	fdPHost - ok
15:55:00.0639 6080	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:55:00.0732 6080	FDResPub - ok
15:55:00.0748 6080	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:55:00.0795 6080	FileInfo - ok
15:55:00.0826 6080	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:55:00.0904 6080	Filetrace - ok
15:55:00.0935 6080	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:55:00.0982 6080	flpydisk - ok
15:55:01.0029 6080	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:55:01.0076 6080	FltMgr - ok
15:55:01.0154 6080	FontCache       (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
15:55:01.0278 6080	FontCache - ok
15:55:01.0372 6080	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:55:01.0403 6080	FontCache3.0.0.0 - ok
15:55:01.0419 6080	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:55:01.0450 6080	FsDepends - ok
15:55:01.0512 6080	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
15:55:01.0528 6080	fssfltr - ok
15:55:01.0668 6080	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:55:01.0746 6080	fsssvc - ok
15:55:01.0793 6080	Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
15:55:01.0824 6080	Fs_Rec - ok
15:55:01.0871 6080	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
15:55:01.0918 6080	fvevol - ok
15:55:01.0965 6080	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:55:01.0996 6080	gagp30kx - ok
15:55:02.0058 6080	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
15:55:02.0152 6080	gpsvc - ok
15:55:02.0261 6080	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:02.0292 6080	gupdate - ok
15:55:02.0292 6080	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:02.0324 6080	gupdatem - ok
15:55:02.0370 6080	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:55:02.0433 6080	hcw85cir - ok
15:55:02.0480 6080	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
15:55:02.0558 6080	HdAudAddService - ok
15:55:02.0589 6080	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
15:55:02.0667 6080	HDAudBus - ok
15:55:02.0698 6080	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:55:02.0745 6080	HidBatt - ok
15:55:02.0760 6080	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:55:02.0807 6080	HidBth - ok
15:55:02.0823 6080	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:55:02.0885 6080	HidIr - ok
15:55:02.0932 6080	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:55:03.0057 6080	hidserv - ok
15:55:03.0088 6080	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
15:55:03.0150 6080	HidUsb - ok
15:55:03.0197 6080	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
15:55:03.0275 6080	hkmsvc - ok
15:55:03.0322 6080	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
15:55:03.0384 6080	HomeGroupListener - ok
15:55:03.0431 6080	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
15:55:03.0509 6080	HomeGroupProvider - ok
15:55:03.0556 6080	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
15:55:03.0587 6080	HpSAMD - ok
15:55:03.0650 6080	htcnprot        (339adefad60353f960e3ca67ce468c24) C:\windows\system32\DRIVERS\htcnprot.sys
15:55:03.0728 6080	htcnprot - ok
15:55:03.0774 6080	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
15:55:03.0899 6080	HTTP - ok
15:55:03.0930 6080	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
15:55:03.0962 6080	hwpolicy - ok
15:55:03.0993 6080	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
15:55:04.0040 6080	i8042prt - ok
15:55:04.0149 6080	IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:55:04.0196 6080	IAANTMON - ok
15:55:04.0258 6080	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
15:55:04.0289 6080	iaStor - ok
15:55:04.0336 6080	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
15:55:04.0398 6080	iaStorV - ok
15:55:04.0523 6080	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:55:04.0554 6080	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:55:04.0554 6080	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:55:04.0679 6080	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:55:04.0773 6080	idsvc - ok
15:55:05.0163 6080	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
15:55:05.0428 6080	igfx - ok
15:55:05.0584 6080	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:55:05.0615 6080	iirsp - ok
15:55:05.0756 6080	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
15:55:05.0880 6080	IKEEXT - ok
15:55:06.0099 6080	IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys
15:55:06.0317 6080	IntcAzAudAddService - ok
15:55:06.0442 6080	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
15:55:06.0473 6080	intelide - ok
15:55:06.0504 6080	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:55:06.0567 6080	intelppm - ok
15:55:06.0598 6080	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:55:06.0692 6080	IPBusEnum - ok
15:55:06.0723 6080	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:55:06.0816 6080	IpFilterDriver - ok
15:55:06.0879 6080	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
15:55:07.0004 6080	iphlpsvc - ok
15:55:07.0019 6080	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:55:07.0082 6080	IPMIDRV - ok
15:55:07.0113 6080	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:55:07.0206 6080	IPNAT - ok
15:55:07.0253 6080	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:55:07.0300 6080	IRENUM - ok
15:55:07.0347 6080	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
15:55:07.0378 6080	isapnp - ok
15:55:07.0409 6080	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
15:55:07.0472 6080	iScsiPrt - ok
15:55:07.0518 6080	ivusb           (37412294ea4b70ed8b4a9338ebaeecaa) C:\windows\system32\DRIVERS\ivusb.sys
15:55:07.0550 6080	ivusb - ok
15:55:07.0581 6080	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:55:07.0612 6080	kbdclass - ok
15:55:07.0643 6080	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
15:55:07.0706 6080	kbdhid - ok
15:55:07.0737 6080	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
15:55:07.0768 6080	kbfiltr - ok
15:55:07.0799 6080	KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:07.0846 6080	KeyIso - ok
15:55:07.0877 6080	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
15:55:07.0908 6080	KSecDD - ok
15:55:07.0940 6080	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
15:55:07.0986 6080	KSecPkg - ok
15:55:08.0018 6080	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:55:08.0127 6080	KtmRm - ok
15:55:08.0174 6080	L1C             (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\windows\system32\DRIVERS\L1C62x86.sys
15:55:08.0236 6080	L1C - ok
15:55:08.0283 6080	LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\windows\system32\srvsvc.dll
15:55:08.0408 6080	LanmanServer - ok
15:55:08.0439 6080	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
15:55:08.0548 6080	LanmanWorkstation - ok
15:55:08.0579 6080	LgBttPort - ok
15:55:08.0595 6080	lgbusenum - ok
15:55:08.0610 6080	LGVMODEM - ok
15:55:08.0657 6080	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:55:08.0735 6080	lltdio - ok
15:55:08.0782 6080	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:55:08.0876 6080	lltdsvc - ok
15:55:08.0907 6080	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:55:09.0000 6080	lmhosts - ok
15:55:09.0063 6080	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:55:09.0094 6080	LSI_FC - ok
15:55:09.0125 6080	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:55:09.0156 6080	LSI_SAS - ok
15:55:09.0188 6080	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:55:09.0250 6080	LSI_SAS2 - ok
15:55:09.0266 6080	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:55:09.0312 6080	LSI_SCSI - ok
15:55:09.0344 6080	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:55:09.0437 6080	luafv - ok
15:55:09.0500 6080	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:55:09.0531 6080	MBAMProtector - ok
15:55:09.0671 6080	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:55:09.0749 6080	MBAMService - ok
15:55:09.0796 6080	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\windows\system32\Mcx2Svc.dll
15:55:09.0858 6080	Mcx2Svc - ok
15:55:09.0890 6080	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:55:09.0921 6080	megasas - ok
15:55:09.0968 6080	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:55:10.0014 6080	MegaSR - ok
15:55:10.0092 6080	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:55:10.0124 6080	Microsoft Office Groove Audit Service - ok
15:55:10.0155 6080	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:55:10.0248 6080	MMCSS - ok
15:55:10.0280 6080	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:55:10.0373 6080	Modem - ok
15:55:10.0420 6080	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:55:10.0467 6080	monitor - ok
15:55:10.0514 6080	motccgp         (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\windows\system32\DRIVERS\motccgp.sys
15:55:10.0607 6080	motccgp - ok
15:55:10.0638 6080	motccgpfl       (b812da6605caf02641312f1f65c75419) C:\windows\system32\DRIVERS\motccgpfl.sys
15:55:10.0685 6080	motccgpfl - ok
15:55:10.0748 6080	motmodem        (c3b0fd4f463e90b3917ff6ccea853bb6) C:\windows\system32\DRIVERS\motmodem.sys
15:55:10.0794 6080	motmodem - ok
15:55:10.0857 6080	MotoHelper      (36ac4deceae4226a5b5dd038c49658e1) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
15:55:10.0888 6080	MotoHelper - ok
15:55:10.0919 6080	MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\windows\system32\DRIVERS\motswch.sys
15:55:10.0997 6080	MotoSwitchService - ok
15:55:11.0028 6080	Motousbnet      (ddc489d40b49f443787e7ffa75373522) C:\windows\system32\DRIVERS\Motousbnet.sys
15:55:11.0106 6080	Motousbnet - ok
15:55:11.0138 6080	motusbdevice    (2136cca3d1bf7c0248e5366b1a6c24e3) C:\windows\system32\DRIVERS\motusbdevice.sys
15:55:11.0262 6080	motusbdevice - ok
15:55:11.0294 6080	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:55:11.0325 6080	mouclass - ok
15:55:11.0372 6080	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:55:11.0418 6080	mouhid - ok
15:55:11.0465 6080	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
15:55:11.0512 6080	mountmgr - ok
15:55:11.0590 6080	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:55:11.0637 6080	MozillaMaintenance - ok
15:55:11.0668 6080	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
15:55:11.0715 6080	mpio - ok
15:55:11.0730 6080	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:55:11.0808 6080	mpsdrv - ok
15:55:11.0886 6080	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
15:55:12.0011 6080	MpsSvc - ok
15:55:12.0042 6080	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
15:55:12.0105 6080	MRxDAV - ok
15:55:12.0136 6080	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
15:55:12.0214 6080	mrxsmb - ok
15:55:12.0245 6080	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:55:12.0308 6080	mrxsmb10 - ok
15:55:12.0339 6080	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:55:12.0386 6080	mrxsmb20 - ok
15:55:12.0432 6080	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
15:55:12.0464 6080	msahci - ok
15:55:12.0495 6080	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
15:55:12.0526 6080	msdsm - ok
15:55:12.0573 6080	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:55:12.0620 6080	MSDTC - ok
15:55:12.0666 6080	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:55:12.0760 6080	Msfs - ok
15:55:12.0776 6080	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:55:12.0869 6080	mshidkmdf - ok
15:55:12.0900 6080	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
15:55:12.0932 6080	msisadrv - ok
15:55:12.0978 6080	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:55:13.0072 6080	MSiSCSI - ok
15:55:13.0088 6080	msiserver - ok
15:55:13.0150 6080	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:55:13.0244 6080	MSKSSRV - ok
15:55:13.0275 6080	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:55:13.0337 6080	MSPCLOCK - ok
15:55:13.0368 6080	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:55:13.0462 6080	MSPQM - ok
15:55:13.0493 6080	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:55:13.0540 6080	MsRPC - ok
15:55:13.0587 6080	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
15:55:13.0618 6080	mssmbios - ok
15:55:13.0634 6080	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:55:13.0712 6080	MSTEE - ok
15:55:13.0727 6080	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:55:13.0790 6080	MTConfig - ok
15:55:13.0821 6080	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:55:13.0852 6080	Mup - ok
15:55:13.0914 6080	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
15:55:14.0024 6080	napagent - ok
15:55:14.0086 6080	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:55:14.0180 6080	NativeWifiP - ok
15:55:14.0242 6080	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
15:55:14.0320 6080	NDIS - ok
15:55:14.0351 6080	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:55:14.0429 6080	NdisCap - ok
15:55:14.0460 6080	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:55:14.0538 6080	NdisTapi - ok
15:55:14.0570 6080	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
15:55:14.0663 6080	Ndisuio - ok
15:55:14.0710 6080	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
15:55:14.0788 6080	NdisWan - ok
15:55:14.0819 6080	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
15:55:14.0913 6080	NDProxy - ok
15:55:14.0991 6080	Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
15:55:15.0038 6080	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:15.0038 6080	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:15.0100 6080	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:55:15.0178 6080	NetBIOS - ok
15:55:15.0225 6080	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
15:55:15.0318 6080	NetBT - ok
15:55:15.0365 6080	Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:15.0412 6080	Netlogon - ok
15:55:15.0474 6080	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:55:15.0584 6080	Netman - ok
15:55:15.0646 6080	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:55:15.0755 6080	netprofm - ok
15:55:15.0849 6080	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:15.0880 6080	NetTcpPortSharing - ok
15:55:15.0942 6080	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:55:15.0974 6080	nfrd960 - ok
15:55:16.0036 6080	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
15:55:16.0161 6080	NlaSvc - ok
15:55:16.0208 6080	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:55:16.0270 6080	Npfs - ok
15:55:16.0301 6080	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:55:16.0379 6080	nsi - ok
15:55:16.0395 6080	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:55:16.0488 6080	nsiproxy - ok
15:55:16.0613 6080	Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
15:55:16.0722 6080	Ntfs - ok
15:55:16.0863 6080	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:55:16.0941 6080	Null - ok
15:55:17.0003 6080	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
15:55:17.0034 6080	nvraid - ok
15:55:17.0066 6080	nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
15:55:17.0097 6080	nvstor - ok
15:55:17.0128 6080	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
15:55:17.0159 6080	nv_agp - ok
15:55:17.0315 6080	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:55:17.0362 6080	odserv - ok
15:55:17.0409 6080	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
15:55:17.0440 6080	ohci1394 - ok
15:55:17.0487 6080	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:17.0518 6080	ose - ok
15:55:17.0596 6080	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:55:17.0705 6080	p2pimsvc - ok
15:55:17.0752 6080	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:55:17.0830 6080	p2psvc - ok
15:55:17.0877 6080	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:55:17.0924 6080	Parport - ok
15:55:17.0970 6080	partmgr         (66d3415c159741ade7038a277efff99f) C:\windows\system32\drivers\partmgr.sys
15:55:18.0002 6080	partmgr - ok
15:55:18.0033 6080	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:55:18.0095 6080	Parvdm - ok
15:55:18.0189 6080	PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
15:55:18.0220 6080	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:55:18.0220 6080	PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:55:18.0267 6080	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:55:18.0345 6080	PcaSvc - ok
15:55:18.0376 6080	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
15:55:18.0407 6080	pci - ok
15:55:18.0438 6080	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
15:55:18.0470 6080	pciide - ok
15:55:18.0532 6080	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:55:18.0579 6080	pcmcia - ok
15:55:18.0626 6080	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:55:18.0672 6080	pcw - ok
15:55:18.0735 6080	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:55:18.0860 6080	PEAUTH - ok
15:55:19.0109 6080	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
15:55:19.0265 6080	PeerDistSvc - ok
15:55:19.0484 6080	pla             (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
15:55:19.0655 6080	pla - ok
15:55:19.0796 6080	PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
15:55:19.0889 6080	PlugPlay - ok
15:55:19.0936 6080	Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
15:55:19.0952 6080	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:55:19.0952 6080	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:55:19.0983 6080	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:55:20.0030 6080	PNRPAutoReg - ok
15:55:20.0076 6080	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:55:20.0139 6080	PNRPsvc - ok
15:55:20.0201 6080	Point32         (420336f91eb745811cf130c80ede0653) C:\windows\system32\DRIVERS\point32.sys
15:55:20.0232 6080	Point32 - ok
15:55:20.0279 6080	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
15:55:20.0388 6080	PolicyAgent - ok
15:55:20.0451 6080	Power           (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
15:55:20.0529 6080	Power - ok
15:55:20.0576 6080	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:55:20.0669 6080	PptpMiniport - ok
15:55:20.0716 6080	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:55:20.0763 6080	Processor - ok
15:55:20.0825 6080	ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\windows\system32\profsvc.dll
15:55:20.0919 6080	ProfSvc - ok
15:55:20.0966 6080	ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:21.0012 6080	ProtectedStorage - ok
15:55:21.0059 6080	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:55:21.0153 6080	Psched - ok
15:55:21.0215 6080	PVUSB           (5039a4f67f781e03b79a4fd0cae27fc8) C:\windows\system32\DRIVERS\CESG502.sys
15:55:21.0278 6080	PVUSB - ok
15:55:21.0371 6080	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:55:21.0480 6080	ql2300 - ok
15:55:21.0621 6080	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:55:21.0652 6080	ql40xx - ok
15:55:21.0714 6080	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:55:21.0808 6080	QWAVE - ok
15:55:21.0870 6080	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:55:21.0948 6080	QWAVEdrv - ok
15:55:22.0011 6080	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll
15:55:22.0042 6080	RapiMgr - ok
15:55:22.0073 6080	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:55:22.0167 6080	RasAcd - ok
15:55:22.0198 6080	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:55:22.0276 6080	RasAgileVpn - ok
15:55:22.0307 6080	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:55:22.0385 6080	RasAuto - ok
15:55:22.0416 6080	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:55:22.0510 6080	Rasl2tp - ok
15:55:22.0588 6080	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
15:55:22.0728 6080	RasMan - ok
15:55:22.0775 6080	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:55:22.0869 6080	RasPppoe - ok
15:55:22.0900 6080	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:55:22.0994 6080	RasSstp - ok
15:55:23.0025 6080	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
15:55:23.0134 6080	rdbss - ok
15:55:23.0165 6080	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:55:23.0228 6080	rdpbus - ok
15:55:23.0259 6080	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
15:55:23.0337 6080	RDPCDD - ok
15:55:23.0384 6080	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
15:55:23.0477 6080	RDPDR - ok
15:55:23.0508 6080	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:55:23.0618 6080	RDPENCDD - ok
15:55:23.0664 6080	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:55:23.0758 6080	RDPREFMP - ok
15:55:23.0805 6080	RDPWD           (0399c725a9c95a6f1862b93f008ddf4a) C:\windows\system32\drivers\RDPWD.sys
15:55:23.0867 6080	RDPWD - ok
15:55:23.0914 6080	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
15:55:23.0961 6080	rdyboost - ok
15:55:24.0023 6080	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:55:24.0148 6080	RemoteAccess - ok
15:55:24.0195 6080	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:55:24.0273 6080	RemoteRegistry - ok
15:55:24.0320 6080	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
15:55:24.0382 6080	RFCOMM - ok
15:55:24.0413 6080	RimUsb - ok
15:55:24.0444 6080	RimVSerPort     (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
15:55:24.0491 6080	RimVSerPort - ok
15:55:24.0538 6080	ROOTMODEM       (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
15:55:24.0632 6080	ROOTMODEM - ok
15:55:24.0678 6080	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:55:24.0772 6080	RpcEptMapper - ok
15:55:24.0803 6080	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:55:24.0866 6080	RpcLocator - ok
15:55:24.0912 6080	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
15:55:25.0006 6080	RpcSs - ok
15:55:25.0037 6080	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:55:25.0131 6080	rspndr - ok
15:55:25.0162 6080	SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:25.0224 6080	SamSs - ok
15:55:25.0287 6080	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
15:55:25.0318 6080	sbp2port - ok
15:55:25.0365 6080	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:55:25.0443 6080	SCardSvr - ok
15:55:25.0474 6080	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
15:55:25.0536 6080	scfilter - ok
15:55:25.0614 6080	Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
15:55:25.0724 6080	Schedule - ok
15:55:25.0755 6080	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
15:55:25.0833 6080	SCPolicySvc - ok
15:55:25.0880 6080	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
15:55:25.0989 6080	SDRSVC - ok
15:55:26.0036 6080	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:55:26.0129 6080	secdrv - ok
15:55:26.0192 6080	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:55:26.0270 6080	seclogon - ok
15:55:26.0301 6080	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
15:55:26.0379 6080	SENS - ok
15:55:26.0426 6080	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
15:55:26.0519 6080	SensrSvc - ok
15:55:26.0550 6080	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:55:26.0582 6080	Serenum - ok
15:55:26.0628 6080	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:55:26.0675 6080	Serial - ok
15:55:26.0691 6080	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:55:26.0769 6080	sermouse - ok
15:55:26.0847 6080	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
15:55:26.0940 6080	SessionEnv - ok
15:55:26.0972 6080	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
15:55:27.0034 6080	sffdisk - ok
15:55:27.0081 6080	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:55:27.0112 6080	sffp_mmc - ok
15:55:27.0143 6080	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
15:55:27.0190 6080	sffp_sd - ok
15:55:27.0237 6080	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:55:27.0284 6080	sfloppy - ok
15:55:27.0346 6080	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:55:27.0455 6080	SharedAccess - ok
15:55:27.0518 6080	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
15:55:27.0596 6080	ShellHWDetection - ok
15:55:27.0627 6080	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
15:55:27.0658 6080	sisagp - ok
15:55:27.0705 6080	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:55:27.0736 6080	SiSRaid2 - ok
15:55:27.0767 6080	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:55:27.0798 6080	SiSRaid4 - ok
15:55:27.0830 6080	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:55:27.0908 6080	Smb - ok
15:55:27.0970 6080	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:55:28.0032 6080	SNMPTRAP - ok
15:55:28.0064 6080	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:55:28.0095 6080	spldr - ok
15:55:28.0157 6080	Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
15:55:28.0251 6080	Spooler - ok
15:55:28.0469 6080	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
15:55:28.0672 6080	sppsvc - ok
15:55:28.0828 6080	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
15:55:28.0937 6080	sppuinotify - ok
15:55:29.0046 6080	sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\windows\system32\Drivers\sptd.sys
15:55:29.0046 6080	Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
15:55:29.0046 6080	sptd ( LockedFile.Multi.Generic ) - warning
15:55:29.0046 6080	sptd - detected LockedFile.Multi.Generic (1)
15:55:29.0093 6080	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
15:55:29.0187 6080	srv - ok
15:55:29.0234 6080	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
15:55:29.0296 6080	srv2 - ok
15:55:29.0327 6080	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
15:55:29.0390 6080	srvnet - ok
15:55:29.0436 6080	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:55:29.0546 6080	SSDPSRV - ok
15:55:29.0608 6080	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:55:29.0639 6080	ssmdrv - ok
15:55:29.0670 6080	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:55:29.0748 6080	SstpSvc - ok
15:55:29.0780 6080	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:55:29.0826 6080	stexstor - ok
15:55:29.0873 6080	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
15:55:29.0998 6080	StiSvc - ok
15:55:30.0029 6080	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
15:55:30.0076 6080	swenum - ok
15:55:30.0123 6080	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:55:30.0248 6080	swprv - ok
15:55:30.0310 6080	SynTP           (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
15:55:30.0372 6080	SynTP - ok
15:55:30.0466 6080	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
15:55:30.0575 6080	SysMain - ok
15:55:30.0622 6080	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
15:55:30.0684 6080	TabletInputService - ok
15:55:30.0731 6080	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
15:55:30.0840 6080	TapiSrv - ok
15:55:30.0872 6080	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:55:30.0950 6080	TBS - ok
15:55:31.0090 6080	Tcpip           (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\drivers\tcpip.sys
15:55:31.0199 6080	Tcpip - ok
15:55:31.0402 6080	TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\DRIVERS\tcpip.sys
15:55:31.0480 6080	TCPIP6 - ok
15:55:31.0574 6080	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
15:55:31.0652 6080	tcpipreg - ok
15:55:31.0683 6080	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
15:55:31.0745 6080	TDPIPE - ok
15:55:31.0792 6080	TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
15:55:31.0854 6080	TDTCP - ok
15:55:31.0886 6080	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
15:55:31.0979 6080	tdx - ok
15:55:32.0010 6080	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
15:55:32.0042 6080	TermDD - ok
15:55:32.0104 6080	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
15:55:32.0229 6080	TermService - ok
15:55:32.0276 6080	Themes          (59cfda4eacb3788f8b17f87b49b0ac0e) C:\windows\system32\themeservice.dll
15:55:32.0322 6080	Themes ( UnsignedFile.Multi.Generic ) - warning
15:55:32.0322 6080	Themes - detected UnsignedFile.Multi.Generic (1)
15:55:32.0354 6080	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:55:32.0432 6080	THREADORDER - ok
15:55:32.0478 6080	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:55:32.0572 6080	TrkWks - ok
15:55:32.0650 6080	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
15:55:32.0681 6080	TrustedInstaller - ok
15:55:32.0728 6080	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
15:55:32.0822 6080	tssecsrv - ok
15:55:32.0868 6080	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
15:55:32.0946 6080	tunnel - ok
15:55:32.0962 6080	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:55:32.0993 6080	uagp35 - ok
15:55:33.0024 6080	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
15:55:33.0134 6080	udfs - ok
15:55:33.0196 6080	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:55:33.0274 6080	UI0Detect - ok
15:55:33.0305 6080	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
15:55:33.0336 6080	uliagpkx - ok
15:55:33.0383 6080	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
15:55:33.0446 6080	umbus - ok
15:55:33.0477 6080	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:55:33.0508 6080	UmPass - ok
15:55:33.0555 6080	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\windows\System32\umrdp.dll
15:55:33.0648 6080	UmRdpService - ok
15:55:33.0711 6080	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:55:33.0851 6080	upnphost - ok
15:55:33.0882 6080	usbbus - ok
15:55:33.0960 6080	usbccgp         (5c233aefb566ee78c1efbc0493fb066a) C:\windows\system32\DRIVERS\usbccgp.sys
15:55:34.0038 6080	usbccgp - ok
15:55:34.0070 6080	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
15:55:34.0132 6080	usbcir - ok
15:55:34.0163 6080	UsbDiag - ok
15:55:34.0210 6080	usbehci         (5b71019a6aca0116fd21b368f19c0b91) C:\windows\system32\drivers\usbehci.sys
15:55:34.0272 6080	usbehci - ok
15:55:34.0319 6080	usbhub          (5823d3965c2a4f6f785ed1a3b403f3b8) C:\windows\system32\DRIVERS\usbhub.sys
15:55:34.0397 6080	usbhub - ok
15:55:34.0428 6080	USBModem - ok
15:55:34.0460 6080	usbohci         (e753ed6c49da13967ebabf9ea616454a) C:\windows\system32\drivers\usbohci.sys
15:55:34.0506 6080	usbohci - ok
15:55:34.0553 6080	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:55:34.0584 6080	usbprint - ok
15:55:34.0631 6080	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:55:34.0694 6080	usbscan - ok
15:55:34.0740 6080	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:55:34.0834 6080	USBSTOR - ok
15:55:34.0865 6080	usbuhci         (6a30928a469ce802600e1ea8c0f2f53f) C:\windows\system32\drivers\usbuhci.sys
15:55:34.0928 6080	usbuhci - ok
15:55:34.0974 6080	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
15:55:35.0068 6080	usbvideo - ok
15:55:35.0099 6080	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
15:55:35.0146 6080	usb_rndisx - ok
15:55:35.0193 6080	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:55:35.0271 6080	UxSms - ok
15:55:35.0318 6080	VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
15:55:35.0364 6080	VaultSvc - ok
15:55:35.0411 6080	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
15:55:35.0442 6080	vdrvroot - ok
15:55:35.0505 6080	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
15:55:35.0598 6080	vds - ok
15:55:35.0630 6080	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:55:35.0676 6080	vga - ok
15:55:35.0708 6080	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:55:35.0801 6080	VgaSave - ok
15:55:35.0848 6080	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
15:55:35.0895 6080	vhdmp - ok
15:55:35.0910 6080	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
15:55:35.0942 6080	viaagp - ok
15:55:35.0973 6080	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:55:36.0020 6080	ViaC7 - ok
15:55:36.0066 6080	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
15:55:36.0098 6080	viaide - ok
15:55:36.0129 6080	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
15:55:36.0160 6080	volmgr - ok
15:55:36.0207 6080	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:55:36.0254 6080	volmgrx - ok
15:55:36.0300 6080	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
15:55:36.0347 6080	volsnap - ok
15:55:36.0378 6080	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:55:36.0425 6080	vsmraid - ok
15:55:36.0519 6080	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
15:55:36.0612 6080	VSS - ok
15:55:36.0659 6080	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:55:36.0690 6080	vwifibus - ok
15:55:36.0737 6080	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:55:36.0800 6080	vwififlt - ok
15:55:36.0846 6080	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
15:55:36.0909 6080	vwifimp - ok
15:55:36.0956 6080	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:55:37.0065 6080	W32Time - ok
15:55:37.0143 6080	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:55:37.0174 6080	WacomPen - ok
15:55:37.0221 6080	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:55:37.0299 6080	WANARP - ok
15:55:37.0314 6080	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:55:37.0408 6080	Wanarpv6 - ok
15:55:37.0502 6080	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
15:55:37.0658 6080	wbengine - ok
15:55:37.0689 6080	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:55:37.0782 6080	WbioSrvc - ok
15:55:37.0860 6080	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll
15:55:37.0923 6080	WcesComm - ok
15:55:38.0048 6080	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
15:55:38.0094 6080	wcncsvc - ok
15:55:38.0126 6080	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:55:38.0204 6080	WcsPlugInService - ok
15:55:38.0266 6080	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:55:38.0297 6080	Wd - ok
15:55:38.0360 6080	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:55:38.0422 6080	Wdf01000 - ok
15:55:38.0469 6080	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:55:38.0516 6080	WdiServiceHost - ok
15:55:38.0531 6080	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:55:38.0578 6080	WdiSystemHost - ok
15:55:38.0625 6080	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
15:55:38.0718 6080	WebClient - ok
15:55:38.0765 6080	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:55:38.0874 6080	Wecsvc - ok
15:55:38.0906 6080	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:55:38.0999 6080	wercplsupport - ok
15:55:39.0046 6080	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:55:39.0124 6080	WerSvc - ok
15:55:39.0171 6080	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:55:39.0264 6080	WfpLwf - ok
15:55:39.0296 6080	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:55:39.0327 6080	WIMMount - ok
15:55:39.0452 6080	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:55:39.0561 6080	WinDefend - ok
15:55:39.0576 6080	WinHttpAutoProxySvc - ok
15:55:39.0639 6080	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:55:39.0748 6080	Winmgmt - ok
15:55:39.0842 6080	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
15:55:39.0998 6080	WinRM - ok
15:55:40.0091 6080	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
15:55:40.0138 6080	WinUsb - ok
15:55:40.0216 6080	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:55:40.0310 6080	Wlansvc - ok
15:55:40.0356 6080	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
15:55:40.0419 6080	WmiAcpi - ok
15:55:40.0497 6080	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:55:40.0544 6080	wmiApSrv - ok
15:55:40.0700 6080	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:55:40.0840 6080	WMPNetworkSvc - ok
15:55:40.0949 6080	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:55:41.0043 6080	WPCSvc - ok
15:55:41.0074 6080	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
15:55:41.0168 6080	WPDBusEnum - ok
15:55:41.0230 6080	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:55:41.0324 6080	ws2ifsl - ok
15:55:41.0370 6080	wscsvc          (a661a76333057b383a06e65f0073222f) C:\windows\System32\wscsvc.dll
15:55:41.0433 6080	wscsvc - ok
15:55:41.0448 6080	WSearch - ok
15:55:41.0589 6080	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
15:55:41.0776 6080	wuauserv - ok
15:55:41.0932 6080	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
15:55:42.0010 6080	WudfPf - ok
15:55:42.0057 6080	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
15:55:42.0135 6080	WUDFRd - ok
15:55:42.0182 6080	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
15:55:42.0260 6080	wudfsvc - ok
15:55:42.0306 6080	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:55:42.0384 6080	WwanSvc - ok
15:55:42.0525 6080	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:55:42.0665 6080	\Device\Harddisk0\DR0 - ok
15:55:42.0681 6080	Boot (0x1200)   (664580346b7383c65e6b836f38578610) \Device\Harddisk0\DR0\Partition0
15:55:42.0681 6080	\Device\Harddisk0\DR0\Partition0 - ok
15:55:42.0759 6080	Boot (0x1200)   (512744c0235b96621820344228fa735e) \Device\Harddisk0\DR0\Partition1
15:55:42.0774 6080	\Device\Harddisk0\DR0\Partition1 - ok
15:55:42.0774 6080	============================================================
15:55:42.0774 6080	Scan finished
15:55:42.0774 6080	============================================================
15:55:42.0837 5276	Detected object count: 7
15:55:42.0837 5276	Actual detected object count: 7
16:08:07.0410 5276	AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276	AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0410 5276	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0410 5276	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0410 5276	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0426 5276	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0426 5276	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0426 5276	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0426 5276	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0442 5276	sptd ( LockedFile.Multi.Generic ) - skipped by user
16:08:07.0442 5276	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
16:08:07.0442 5276	Themes ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:07.0442 5276	Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 15.05.2012, 19:39

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Netbook Backdoor versucht, Passwörter gehackt!

Log-Analyse und Auswertung: Netbook Backdoor versucht, Passwörter gehackt!