Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.08.2012, 11:13   #1
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hallo ihr Engel

Vorab schonmal danke, dass es euch gibt, auch wenn ich vlt am Ende dumm dasteh, konnte ich es dank euch wenigstens probieren und weiß, dass ich nicht alleine bin.

Habe vor etwa einer Stunde beim Besuch einer Website mit Firefox vom Avira Antivir TR/atrap.Gen2 und TR/sirefefxxxxx gemeldet bekommen und reflexmäßig Entfernen geklickt. Nachdem die Meldung kurze Zeit später erneut erschien, ließ ich den Systemscanner von Antivir die Dateien aufspüren, um festzustellen, dass diese ignoriert werden.

Bei meiner Suche nach Hile stieß ich auf euch und erstelle nun gemäß dem Hinweis einen neuen Beitrag.

mbam logfile:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Famous :: FAMOUS-PC [Administrator]

15.08.2012 10:59:51
mbam-log-2012-08-15 (10-59-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350463
Laufzeit: 44 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Famous\AppData\Local\Temp\209048718.exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Famous\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
otl.txt

Code:
ATTFilter
OTL logfile created on: 15.08.2012 11:49:38 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,86% Memory free
19,78 Gb Paging File | 17,79 Gb Available in Paging File | 89,92% Paging File free
Paging file location(s): c:\pagefile.sys 12153 12153 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301,93 Gb Total Space | 170,72 Gb Free Space | 56,54% Space Free | Partition Type: NTFS
Drive D: | 371,71 Gb Total Space | 327,10 Gb Free Space | 88,00% Space Free | Partition Type: NTFS
 
Computer Name: FAMOUS-PC | User Name: Famous | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ATKWMIACPIIO_) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "188.165.249.205"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.25 16:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.25 16:36:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.03 18:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famous\AppData\Roaming\mozilla\Extensions
[2012.07.28 17:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famous\AppData\Roaming\mozilla\Firefox\Profiles\86967v9j.default\extensions
[2012.03.30 23:53:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Famous\AppData\Roaming\mozilla\Firefox\Profiles\86967v9j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.25 12:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.28 17:41:22 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\FAMOUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86967V9J.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.07.27 07:58:49 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\FAMOUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86967V9J.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.25 16:36:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.14 23:43:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 23:43:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 23:43:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 23:43:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 23:43:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 23:43:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - Startup: C:\Users\Famous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{371B7F9A-F004-460C-9F47-EBD16F005D2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91E080EB-8E19-4711-8E5E-FFDB46C80BD8}: DhcpNameServer = 13.5.0.10
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 10:51:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.15 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Famous\AppData\Roaming\Malwarebytes
[2012.08.15 10:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.15 10:45:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.15 10:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.15 10:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 13:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 11:47:45 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.08.15 11:47:04 | 000,375,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 11:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 11:46:44 | 2076,749,823 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.15 11:02:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 11:02:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 10:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 10:51:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.15 10:45:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.15 09:59:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 09:59:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.04 14:52:44 | 000,000,221 | ---- | M] () -- D:\Desktop\Saints Row The Third.url
[2012.08.04 11:29:03 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 11:29:03 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 11:29:03 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 11:29:03 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 11:29:02 | 001,529,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.02 21:42:40 | 000,108,521 | ---- | M] () -- D:\Desktop\bk.jpg
[2012.07.24 13:26:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.24 12:21:42 | 022,657,136 | ---- | M] () -- D:\Desktop\vlc-2.0.2-win32.exe
 
========== Files Created - No Company Name ==========
 
[2012.08.15 11:46:51 | 000,375,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 10:45:58 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.15 10:28:44 | 000,023,552 | ---- | C] () -- C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\800000cb.@
[2012.08.15 10:28:44 | 000,016,896 | ---- | C] () -- C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\80000000.@
[2012.08.04 14:52:44 | 000,000,221 | ---- | C] () -- D:\Desktop\Saints Row The Third.url
[2012.08.02 21:42:40 | 000,108,521 | ---- | C] () -- D:\Desktop\bk.jpg
[2012.07.24 13:26:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.24 12:16:49 | 022,657,136 | ---- | C] () -- D:\Desktop\vlc-2.0.2-win32.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.07 16:42:41 | 000,007,609 | ---- | C] () -- C:\Users\Famous\AppData\Local\Resmon.ResmonCfg
[2012.01.17 19:51:57 | 035,603,443 | ---- | C] () -- C:\Users\Famous\Viva_Vox_choir_-_The_Prodigy_Mix_a_cappella_-_YouTube.flv
[2012.01.11 13:01:44 | 000,002,048 | -HS- | C] () -- C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\@
[2012.01.03 17:58:07 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.11 21:15:57 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.10.11 20:57:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.12 10:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.12 10:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.12 10:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.12 10:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.12 10:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.12 10:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
         
otl extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 15.08.2012 11:49:38 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,86% Memory free
19,78 Gb Paging File | 17,79 Gb Available in Paging File | 89,92% Paging File free
Paging file location(s): c:\pagefile.sys 12153 12153 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301,93 Gb Total Space | 170,72 Gb Free Space | 56,54% Space Free | Partition Type: NTFS
Drive D: | 371,71 Gb Total Space | 327,10 Gb Free Space | 88,00% Space Free | Partition Type: NTFS
 
Computer Name: FAMOUS-PC | User Name: Famous | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{191FDA53-9FD2-44E0-B543-62B3EBCBC2DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4568EED9-5F36-4DC8-A076-940DBB0F47D5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{498E0285-6617-4A8F-95BD-C8C107FCAB62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5090C68D-CBCD-48A4-8701-D553C678C052}" = lport=139 | protocol=6 | dir=in | app=system | 
"{583F9D24-CD25-4894-9C2C-44AE36055E5B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{70331EE6-EA1E-4A79-BE52-96279CE8CED4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{84BC487C-67F4-4D1C-8AB3-679722D15A95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{AD1CF990-BB86-4FFE-ADCD-90E1E44EE4DF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6C0BD64-E715-40BF-BE44-71C7D36108E0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D7184AAB-529E-4626-8A67-8611DCC750CC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F0F8BE0C-EBF6-441A-BB6C-E5EB27950B00}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F1BAF7C9-2A7A-4AC6-B6F4-ADC44E90BBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163F60B-116F-4ABD-A916-043AD6C9FDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{091E420A-0127-46CA-8733-E3FF9434A7CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0944AE13-0BF1-4C1F-9A2F-BE44F490B141}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09F3ECE8-5BB1-494B-A832-7BA33662CC0F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{0D5EBE43-AC9E-4A20-BA29-F587D67C1A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{1B619722-E70A-4E23-90C1-09131DE5A0E5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{1EC97466-FC1B-468E-A8B7-3C03D33F37E2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2C81F7A0-EB6D-4852-919B-0D822454DFE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{2F43ACCB-C518-473E-A955-AC6958E7162E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{305D2DCC-8161-44FD-B4DC-EEB1B13C256D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{35AB995A-BFBD-4C05-B7C4-D02A7CC2EE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{462DE213-A202-4809-A482-94D393340AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{54BF7C56-E9EB-4472-8B79-BD95FD315B9A}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{551F3D76-9031-4664-B047-A8231B77E603}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{55B48FE8-20B7-49C1-BAA0-A17D2CCB4F37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{6532285C-BFD3-4BA2-8BFE-D82FC468BEA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{66EA8126-B1AF-4FDE-87B4-671A46CE28B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{67A5CB01-AD4C-4AA7-AA7F-7C341D377FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{6A16DA0A-CB51-42B6-B7E3-E51AEAE94D8F}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{6FCE8C69-68FE-43A7-B5CE-F9EBA243EC0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{7DD30DBC-009E-4F83-BAFA-2F3283F3ADB0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7E8488EB-4951-42FF-9812-36AE659A3DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8863ED39-1D27-4B9A-8A67-6513B5DD8EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{896E6F27-28B9-4D1C-8380-6735468B9255}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{9A028AC1-F2E1-417C-8111-0064DF286D27}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{9A5CCC7F-A1B1-4E68-AF2F-F5051BF0BBDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{A8B7742F-8B07-447B-8B18-9F98C83B9BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{B2E0837D-9192-42CE-9FC2-D96230A38F45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{BA987221-C9D6-4CDF-AEF1-223FD389691D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{C36C00FF-573B-46D4-985B-E75D09D0D56A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{D3DDC063-FFA3-44B5-915F-15EEEF64C5A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{DD1A4B4A-426F-4F4C-B9F6-336292700A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{E8A53C18-69C3-4F2F-8307-E7C4A4BD289E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{E90C6C04-68D6-4B26-8D6F-CBD76442E49C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E9CDA5F8-7270-4E3F-BA92-70CE6F5AC7A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{ED0CCD28-1098-4E45-9A29-DEFD7069AAFA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{FD54BCD2-AD6E-4F98-AB9E-EDDDD4472DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"TCP Query User{24B2AB78-E95B-4D4D-9A7B-FC993D85A9D0}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{68CB42E9-C911-45DF-8F0C-D03DAD975DA0}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{8989275A-D02C-4287-817B-F9377AC7C663}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"TCP Query User{943A6BC6-8B29-4541-9934-76AF77A7A6B8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{0EA27ED2-88BA-4A07-B58E-F12D4DC7396D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{2C4B2F44-68A4-4BCE-ADDB-42E9F356CF96}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"UDP Query User{350C35FF-5DF8-4C26-A832-DF71E565D9D9}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{8FD7428E-22CF-4F65-B5DC-DA7ECEF8CBAF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.6.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_N5_En" = AsusScr_N5_En
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Steam App 55230" = Saints Row: The Third
"Steam App 57900" = Duke Nukem Forever
"Steam App 72850" = The Elder Scrolls V: Skyrim
"The Secret World_is1" = The Secret World
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"87163c321079ebae" = SWTOR-CompatLogViewer
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.05.2012 16:01:58 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.05.2012 16:32:38 | Computer Name = Famous-PC | Source = Application Hang | ID = 1002
Description = Programm ts3client_win64.exe, Version 3.0.3.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1008    Startzeit: 01cd2e07f8e975dc    Endzeit: 17552    Anwendungspfad:
 C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe    Berichts-ID: 0e3e69bd-9a16-11e1-9748-ac72891cb8ac

 
Error - 10.05.2012 04:39:10 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:39:10 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:42 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:42 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:49 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:49 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:49 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.05.2012 04:40:49 | Computer Name = Famous-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 04.08.2012 08:14:55 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 07.08.2012 15:50:56 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.08.2012 15:50:56 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.08.2012 17:28:15 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.08.2012 17:28:15 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 14.08.2012 02:54:48 | Computer Name = Famous-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{97A73BC9-1C2C-423A-AA72-899D64767E23} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 15.08.2012 04:57:48 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.08.2012 04:57:48 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 15.08.2012 05:49:33 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.08.2012 05:49:33 | Computer Name = Famous-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Habe die von mbam gefunden Dateien noch nicht aus der Quarantäne entfernt.


Mit freundlichen Grüßen

Bastian

Geändert von BMK (15.08.2012 um 11:19 Uhr)

Alt 18.08.2012, 10:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:
Habe vor etwa einer Stunde beim Besuch einer Website mit Firefox vom Avira Antivir TR/atrap.Gen2 und TR/sirefefxxxxx gemeldet bekommen und reflexmäßig Entfernen geklickt. Nachdem die Meldung kurze Zeit später erneut erschien, ließ ich den Systemscanner von Antivir die Dateien aufspüren, um festzustellen, dass diese ignoriert werden.
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 18.08.2012, 19:26   #3
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hallo cosinus

Nein, das war mein erster uns bisher einziger scan mit Malewarebytes Antimalware, von daher ist der oben gepostetet Log der erste und bisher einzige.

Leider ist der entsprechende Log von Antivir nicht mehr vorhanden ( wegen anschließendem CCleaner evtl?), hier das Log eines aktuellen Scans

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 18. August 2012  19:31

Es wird nach 4112359 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : FAMOUS-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  09.08.2012 07:59:42
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 19:51:56
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 19:51:57
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 19:51:57
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 19:48:35
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 15:56:20
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 19:58:42
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 21:17:49
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 20:11:15
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 20:11:16
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 20:11:16
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 20:11:16
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 20:11:17
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 20:11:17
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 20:11:17
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 20:11:17
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 20:11:18
VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 07:25:09
VBASE015.VDF   : 7.11.38.70    556032 Bytes  31.07.2012 07:46:33
VBASE016.VDF   : 7.11.38.143   171008 Bytes  02.08.2012 07:46:33
VBASE017.VDF   : 7.11.38.221   178176 Bytes  06.08.2012 07:59:08
VBASE018.VDF   : 7.11.39.37    168448 Bytes  08.08.2012 07:59:20
VBASE019.VDF   : 7.11.39.89    131072 Bytes  09.08.2012 07:59:05
VBASE020.VDF   : 7.11.39.145   142336 Bytes  11.08.2012 09:07:28
VBASE021.VDF   : 7.11.39.207   165888 Bytes  14.08.2012 09:07:28
VBASE022.VDF   : 7.11.39.208     2048 Bytes  14.08.2012 09:07:28
VBASE023.VDF   : 7.11.39.209     2048 Bytes  14.08.2012 09:07:29
VBASE024.VDF   : 7.11.39.210     2048 Bytes  14.08.2012 09:07:30
VBASE025.VDF   : 7.11.39.211     2048 Bytes  14.08.2012 09:07:30
VBASE026.VDF   : 7.11.39.212     2048 Bytes  14.08.2012 09:07:31
VBASE027.VDF   : 7.11.39.213     2048 Bytes  14.08.2012 09:07:32
VBASE028.VDF   : 7.11.39.214     2048 Bytes  14.08.2012 09:07:33
VBASE029.VDF   : 7.11.39.215     2048 Bytes  14.08.2012 09:07:33
VBASE030.VDF   : 7.11.39.216     2048 Bytes  14.08.2012 09:07:34
VBASE031.VDF   : 7.11.39.250   105472 Bytes  16.08.2012 09:07:36
Engineversion  : 8.2.10.132
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 20:44:20
AESCRIPT.DLL   : 8.1.4.42      459129 Bytes  10.08.2012 07:59:31
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 19:18:09
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 20:03:22
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.3.0.24      811381 Bytes  09.08.2012 07:59:31
AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  24.07.2012 19:31:49
AEHEUR.DLL     : 8.1.4.86     5165429 Bytes  10.08.2012 07:59:29
AEHELP.DLL     : 8.1.23.2      258422 Bytes  28.06.2012 20:09:13
AEGEN.DLL      : 8.1.5.34      434548 Bytes  24.07.2012 19:30:55
AEEXP.DLL      : 8.1.0.74       86387 Bytes  05.08.2012 08:01:13
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 20:44:11
AECORE.DLL     : 8.1.27.4      201078 Bytes  09.08.2012 07:59:27
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 19:51:56
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 19:51:56
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 19:51:57
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 19:51:56
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 19:51:56
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 19:51:57
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  09.08.2012 07:59:43
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 19:51:57
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  09.08.2012 07:59:16
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  09.08.2012 07:59:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 18. August 2012  19:31

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALDITALKVerbindungsassistent.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'AwesomiumProcess.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'TheSecretWorldDX11.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALDITALKVerbindungsassistent_Launcher.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SonicMasterTray.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBChargerPlus.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALDITALKVerbindungsassistent_Service.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '10' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
Die Registry wurde durchsucht ( '1517' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Program Files\K-Lite Codec Pack x64\Tools\CodecTweakTool-1.bin
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Program Files\K-Lite Codec Pack x64\Tools\Win7DSFilterTweaker-1.bin
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG]   Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\assets_swtor_de_de.version
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\assets_swtor_main.version
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\FixLauncher.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcherold.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcherold2.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\movies_de_de.version
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\retailclient_swtor.version
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\movies_en_us_-1to0\movies_en_us_-1to0.z01.partial
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\patcher_-1to59\patcher_-1to59.z01.partial
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool-1.bin
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Program Files (x86)\K-Lite Codec Pack\Tools\Win7DSFilterTweaker-1.bin
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\ProgramData\Microsoft\WLSetup\CabLogs\Logs.CAB
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\ProgramData\Microsoft\WLSetup\CabLogs\Logs2.CAB
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/Sirefef.16896
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
Beginne mit der Suche in 'D:\' <DATA>
D:\Downloads\SWTOR_setup.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54997ce8.qua' verschoben!
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/Sirefef.16896
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c0e534f.qua' verschoben!


Ende des Suchlaufs: Samstag, 18. August 2012  20:23
Benötigte Zeit: 51:06 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  31084 Verzeichnisse wurden überprüft
 711372 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 711370 Dateien ohne Befall
   4796 Archive wurden durchsucht
     21 Warnungen
      2 Hinweise
 478296 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Die Meldung ist aber die gleiche wie beim Scan damals.



Der Virenscanner ist seitdem übrignes nicht mehr selbsttätig angesprungen.
__________________

Alt 20.08.2012, 16:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Bitte routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.08.2012, 22:24   #5
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hallo nochmal
Wünsche einen schönen Urlaub, war auch ein paar Tage weg, hier jetzt aber die 2 Logs.

Malewarebyte (2tes Log insgesamt, erstes s.o)

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Famous :: FAMOUS-PC [Administrator]

23.08.2012 21:18:58
mbam-log-2012-08-23 (21-18-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357784
Laufzeit: 49 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4cb39f9a3662324c8748722418b5b22f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-23 09:19:17
# local_time=2012-08-23 11:19:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 20151239 20151239 0 0
# compatibility_mode=5893 16776573 100 94 150100 97383591 0 0
# compatibility_mode=8192 67108863 100 0 1000 1000 0 0
# scanned=151102
# found=2
# cleaned=0
# scan_time=3016
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2c93e8d1-51e1b3e8	Java/Exploit.CVE-2012-1723.AP trojan (unable to clean)	00000000000000000000000000000000	I
D:\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
         
mfg
Basti

P.S.: registrybooster.exe im Dowloadverzeichnis verwirrt mich, kann mcih nicht daran erinnern, sowas jemals genutz zu haben.


Alt 30.08.2012, 14:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess

Alt 30.08.2012, 21:24   #7
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Willkommen zurück, hoffe dein Urlaub war schön.

Hier der adw log

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 08/30/2012 um 22:19:22 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Famous - FAMOUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : D:\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Famous\AppData\Roaming\Mozilla\Firefox\Profiles\86967v9j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v18.0.1025.168

Datei : C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [935 octets] - [30/08/2012 22:19:22]

########## EOF - C:\AdwCleaner[R1].txt - [994 octets] ##########
         

Alt 30.08.2012, 22:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.08.2012, 13:14   #9
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hier nun der Log vom Löschen mit ADW

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 08/31/2012 um 14:09:40 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Famous - FAMOUS-PC
# Normaler Modus : Normal
# Ausgeführt unter : D:\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Famous\AppData\Roaming\Mozilla\Firefox\Profiles\86967v9j.default\prefs.js

C:\Users\Famous\AppData\Roaming\Mozilla\Firefox\Profiles\86967v9j.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v18.0.1025.168

Datei : C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1062 octets] - [30/08/2012 22:19:22]
AdwCleaner[S1].txt - [1598 octets] - [31/08/2012 14:09:40]

########## EOF - C:\AdwCleaner[S1].txt - [1658 octets] ##########
         

Alt 31.08.2012, 14:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.08.2012, 17:07   #11
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hier nun der OTL scan

Code:
ATTFilter
OTL logfile created on: 31.08.2012 16:39:10 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,24 Gb Available Physical Memory | 78,92% Memory free
19,78 Gb Paging File | 17,97 Gb Available in Paging File | 90,85% Paging File free
Paging file location(s): c:\pagefile.sys 12153 12153 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301,93 Gb Total Space | 135,15 Gb Free Space | 44,76% Space Free | Partition Type: NTFS
Drive D: | 371,71 Gb Total Space | 313,96 Gb Free Space | 84,47% Space Free | Partition Type: NTFS
Drive F: | 6,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FAMOUS-PC | User Name: Famous | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ATKWMIACPIIO_) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "188.165.249.205"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 19:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 19:39:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.03 18:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famous\AppData\Roaming\mozilla\Extensions
[2012.07.28 17:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famous\AppData\Roaming\mozilla\Firefox\Profiles\86967v9j.default\extensions
[2012.03.30 23:53:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Famous\AppData\Roaming\mozilla\Firefox\Profiles\86967v9j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.25 12:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.28 17:41:22 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\FAMOUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86967V9J.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.07.27 07:58:49 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\FAMOUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\86967V9J.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.08.29 19:39:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.14 23:43:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 19:39:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 23:43:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 23:43:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 23:43:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 23:43:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Famous\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Famous\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{371B7F9A-F004-460C-9F47-EBD16F005D2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91E080EB-8E19-4711-8E5E-FFDB46C80BD8}: DhcpNameServer = 13.5.0.10
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Famous^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpReg: AmIcoSinglun64 - hkey= - key= - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
MsConfig:64bit - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
MsConfig:64bit - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: HControlUser - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelPAN - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
MsConfig:64bit - StartUpReg: IntelTBRunOnce - hkey= - key= - C:\Windows\SysNative\wscript.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynAsusAcpi - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 16:36:54 | 000,000,000 | ---D | C] -- C:\temp
[2012.08.30 13:51:30 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.08.29 15:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.08.29 15:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.08.29 15:30:28 | 000,000,000 | ---D | C] -- D:\Documents\Guild Wars 2
[2012.08.25 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Famous\AppData\Roaming\Xfire
[2012.08.25 20:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2012.08.25 20:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2012.08.25 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2012.08.25 10:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle of the Immortals
[2012.08.25 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle of the Immortals
[2012.08.25 03:56:43 | 000,000,000 | ---D | C] -- C:\Users\Famous\AppData\Local\GamersFirst LIVE!
[2012.08.25 03:56:17 | 000,000,000 | ---D | C] -- C:\Users\Famous\AppData\Local\Pando_Temp
[2012.08.25 03:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.08.25 03:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2012.08.25 03:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2012.08.23 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.15 10:51:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.15 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Famous\AppData\Roaming\Malwarebytes
[2012.08.15 10:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.15 10:45:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.15 10:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.15 10:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 14:18:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 14:18:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 14:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 14:10:39 | 2076,749,823 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 23:31:44 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.08.30 15:01:13 | 000,001,333 | ---- | M] () -- D:\Desktop\Gw2 - Verknüpfung.lnk
[2012.08.29 21:13:06 | 001,529,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.29 21:13:06 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.29 21:13:06 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.29 21:13:06 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.29 21:13:06 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.29 15:32:50 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.08.27 23:47:28 | 000,007,602 | ---- | M] () -- C:\Users\Famous\AppData\Local\Resmon.ResmonCfg
[2012.08.25 20:40:24 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Sword 2.lnk
[2012.08.25 16:07:12 | 000,080,178 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\icarus-dxdiag.xml
[2012.08.25 15:48:27 | 000,002,320 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.08.25 14:40:50 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Fallen Earth.lnk
[2012.08.25 10:06:44 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2012.08.25 03:59:09 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2012.08.22 15:46:00 | 000,016,366 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.08.22 14:17:27 | 003,492,915 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.08.22 06:16:24 | 000,429,416 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.16 03:19:54 | 000,375,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 10:51:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.08.15 10:45:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.04 14:52:44 | 000,000,221 | ---- | M] () -- D:\Desktop\Saints Row The Third.url
[2012.08.02 21:42:40 | 000,108,521 | ---- | M] () -- C:\Users\Famous\bk.jpg
 
========== Files Created - No Company Name ==========
 
[2012.08.30 15:00:59 | 000,001,333 | ---- | C] () -- D:\Desktop\Gw2 - Verknüpfung.lnk
[2012.08.29 15:32:50 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.08.25 20:40:24 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Sword 2.lnk
[2012.08.25 16:07:12 | 000,080,178 | ---- | C] () -- C:\Users\Famous\AppData\Roaming\icarus-dxdiag.xml
[2012.08.25 14:40:50 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\Fallen Earth.lnk
[2012.08.25 10:06:44 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2012.08.25 03:55:22 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2012.08.22 06:16:24 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.15 11:46:51 | 000,375,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 10:45:58 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.04 14:52:44 | 000,000,221 | ---- | C] () -- D:\Desktop\Saints Row The Third.url
[2012.08.02 21:42:40 | 000,108,521 | ---- | C] () -- C:\Users\Famous\bk.jpg
[2012.05.07 16:42:41 | 000,007,602 | ---- | C] () -- C:\Users\Famous\AppData\Local\Resmon.ResmonCfg
[2012.01.17 19:51:57 | 035,603,443 | ---- | C] () -- C:\Users\Famous\Viva_Vox_choir_-_The_Prodigy_Mix_a_cappella_-_YouTube.flv
[2012.01.11 13:01:44 | 000,002,048 | -HS- | C] () -- C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\@
[2012.01.03 17:58:07 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.11 21:15:57 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.10.11 20:57:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.12 10:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.12 10:13:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.12 10:13:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.12 10:13:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.12 10:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.12 10:13:03 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.04.17 21:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.08.31 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.01.03 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ASUS WebStorage
[2012.05.19 02:37:16 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Leadertech
[2012.01.04 05:31:43 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\MAGIX
[2012.01.03 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Nuance
[2012.03.09 01:57:47 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\OpenOffice.org
[2012.08.15 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\TS3Client
[2012.02.08 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ts3overlay
[2012.01.03 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\TuneUp Software
[2012.01.04 01:44:36 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\uTorrent
[2012.01.03 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,026,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.03 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Adobe
[2012.08.31 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.01.03 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ASUS WebStorage
[2012.01.03 18:00:32 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Avira
[2012.03.08 05:14:56 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\CyberLink
[2012.01.03 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\FLEXnet
[2012.01.04 00:55:34 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Google
[2012.01.03 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Identities
[2012.01.03 17:30:37 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Intel
[2012.05.19 02:37:16 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Leadertech
[2012.05.19 02:31:48 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Logishrd
[2012.05.19 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Logitech
[2012.01.03 17:58:45 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Macromedia
[2012.01.04 05:31:43 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\MAGIX
[2012.08.15 10:46:06 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Media Center Programs
[2012.06.25 08:08:19 | 000,000,000 | --SD | M] -- C:\Users\Famous\AppData\Roaming\Microsoft
[2012.01.03 18:02:30 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Mozilla
[2012.01.03 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Nuance
[2012.06.22 19:09:15 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\NVIDIA
[2012.03.09 01:57:47 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\OpenOffice.org
[2012.08.15 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\TS3Client
[2012.02.08 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\ts3overlay
[2012.01.03 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\TuneUp Software
[2012.01.04 01:44:36 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\uTorrent
[2012.08.30 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\vlc
[2012.04.12 13:21:33 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\WinRAR
[2012.08.25 20:44:28 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Xfire
[2012.01.03 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Famous\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2012.02.24 12:34:10 | 001,739,720 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\ALDITALKVerbindungsassistent.exe
[2012.02.24 12:34:10 | 000,510,920 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\ALDITALKVerbindungsassistent_Launcher.exe
[2012.02.24 12:34:10 | 000,342,984 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\ALDITALKVerbindungsassistent_Service.exe
[2012.02.24 12:34:10 | 000,543,688 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\ALDITALKVerbindungsassistent_SMSMMS.exe
[2012.02.24 12:34:10 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Del_CD_ROM.exe
[2012.02.24 12:34:10 | 000,262,144 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup32.exe
[2012.02.24 12:34:10 | 000,354,304 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup64.exe
[2012.02.24 12:34:11 | 000,158,664 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Huaweiregcleaner.exe
[2012.02.24 12:34:11 | 000,323,584 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\HuaweiUninstaller.exe
[2012.02.24 12:34:11 | 000,043,976 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\InstallWTGService.exe
[2012.02.24 12:34:11 | 000,420,808 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\OSU.exe
[2012.02.24 12:34:15 | 000,891,848 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Setup.exe
[2012.02.24 12:34:15 | 000,314,312 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Uninstaller.exe
[2012.02.24 12:34:15 | 000,244,680 | ---- | M] () -- C:\Users\Famous\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\WTGVistaUtil.exe
[2012.05.19 02:37:15 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Famous\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.5.0.1026\iaStor.sys
[2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
         

Alt 31.08.2012, 19:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1895555562-1274765963-3933618564-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Famous^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
:Files
ipconfig /flushdns /c
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}
C:\ProgramData\FullRemove.exe
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache
D:\Downloads\registrybooster.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Geändert von cosinus (31.08.2012 um 20:02 Uhr)

Alt 31.08.2012, 22:16   #13
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Log des OTL Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1895555562-1274765963-3933618564-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1895555562-1274765963-3933618564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1895555562-1274765963-3933618564-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File F:\AutoRun.exe not found.
File F:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f1e77e-6123-11e1-8908-ac72891cb8ac}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e854e8-5e37-11e1-947e-ac72891cb8ac}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e45bbeb7-f090-11e1-a674-ac72891cb8ac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e45bbebb-f090-11e1-a674-ac72891cb8ac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e974cbcf-36ba-11e1-8bbd-ac72891cb8ac}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edb001a2-6330-11e1-adb3-ac72891cb8ac}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21576dc-3636-11e1-b2b6-ac72891cb8ac}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21576ee-3636-11e1-b2b6-ac72891cb8ac}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Autorun.exe not found.
ADS C:\ProgramData\Temp:3E7393FC deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
D:\Desktop\System\cmd.bat deleted successfully.
D:\Desktop\System\cmd.txt deleted successfully.
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\U folder moved successfully.
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c}\L folder moved successfully.
C:\Users\Famous\AppData\Local\{3779d65b-2d5e-d121-27ea-d109ebaabb5c} folder moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Famous\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
D:\Downloads\registrybooster.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Famous
->Temp folder emptied: 76904384 bytes
->Temporary Internet Files folder emptied: 5155569 bytes
->FireFox cache emptied: 387319859 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5464 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 260796 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 3277 bytes
 
Total Files Cleaned = 448,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Famous
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.57.0 log created on 08312012_230524

Files\Folders moved on Reboot...
C:\Users\Famous\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Famous\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Alt 01.09.2012, 10:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.09.2012, 17:08   #15
BMK
 
TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local    -    RootkitAccess - Standard

TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess



Hier der TDSS Log

Code:
ATTFilter
18:00:54.0473 6252  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:00:54.0505 6252  ============================================================
18:00:54.0505 6252  Current date / time: 2012/09/01 18:00:54.0505
18:00:54.0505 6252  SystemInfo:
18:00:54.0505 6252  
18:00:54.0505 6252  OS Version: 6.1.7601 ServicePack: 1.0
18:00:54.0505 6252  Product type: Workstation
18:00:54.0505 6252  ComputerName: FAMOUS-PC
18:00:54.0505 6252  UserName: Famous
18:00:54.0505 6252  Windows directory: C:\Windows
18:00:54.0505 6252  System windows directory: C:\Windows
18:00:54.0505 6252  Running under WOW64
18:00:54.0505 6252  Processor architecture: Intel x64
18:00:54.0505 6252  Number of processors: 8
18:00:54.0505 6252  Page size: 0x1000
18:00:54.0505 6252  Boot type: Normal boot
18:00:54.0505 6252  ============================================================
18:00:54.0988 6252  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:55.0004 6252  ============================================================
18:00:55.0004 6252  \Device\Harddisk0\DR0:
18:00:55.0004 6252  MBR partitions:
18:00:55.0004 6252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x25BDA000
18:00:55.0035 6252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28DDB000, BlocksNum 0x2E76B000
18:00:55.0035 6252  ============================================================
18:00:55.0082 6252  C: <-> \Device\Harddisk0\DR0\Partition1
18:00:55.0129 6252  D: <-> \Device\Harddisk0\DR0\Partition2
18:00:55.0129 6252  ============================================================
18:00:55.0129 6252  Initialize success
18:00:55.0129 6252  ============================================================
18:04:52.0263 5784  ============================================================
18:04:52.0263 5784  Scan started
18:04:52.0263 5784  Mode: Manual; SigCheck; TDLFS; 
18:04:52.0263 5784  ============================================================
18:04:52.0497 5784  ================ Scan system memory ========================
18:04:52.0497 5784  System memory - ok
18:04:52.0497 5784  ================ Scan services =============================
18:04:52.0622 5784  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:04:52.0684 5784  1394ohci - ok
18:04:52.0715 5784  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:04:52.0731 5784  ACPI - ok
18:04:52.0747 5784  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:04:52.0809 5784  AcpiPmi - ok
18:04:52.0934 5784  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:04:52.0934 5784  AdobeFlashPlayerUpdateSvc - ok
18:04:52.0981 5784  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:04:52.0996 5784  adp94xx - ok
18:04:52.0996 5784  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:04:53.0012 5784  adpahci - ok
18:04:53.0027 5784  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:04:53.0043 5784  adpu320 - ok
18:04:53.0059 5784  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:04:53.0168 5784  AeLookupSvc - ok
18:04:53.0199 5784  [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent        C:\Windows\system32\FBAgent.exe
18:04:53.0230 5784  AFBAgent - ok
18:04:53.0277 5784  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:04:53.0324 5784  AFD - ok
18:04:53.0371 5784  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:04:53.0371 5784  agp440 - ok
18:04:53.0417 5784  [ 14370049D8C9912EAC7603809A77C378 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
18:04:53.0433 5784  AiCharger - ok
18:04:53.0511 5784  [ B95A1D7FF4F7FDE7E5E4062F4061ED6F ] ALDITALKVerbindungsassistent_Service C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
18:04:53.0542 5784  ALDITALKVerbindungsassistent_Service - ok
18:04:53.0558 5784  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:04:53.0620 5784  ALG - ok
18:04:53.0651 5784  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:04:53.0667 5784  aliide - ok
18:04:53.0667 5784  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:04:53.0683 5784  amdide - ok
18:04:53.0698 5784  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:04:53.0745 5784  AmdK8 - ok
18:04:53.0745 5784  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:04:53.0776 5784  AmdPPM - ok
18:04:53.0807 5784  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:04:53.0807 5784  amdsata - ok
18:04:53.0839 5784  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:04:53.0854 5784  amdsbs - ok
18:04:53.0870 5784  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:04:53.0870 5784  amdxata - ok
18:04:53.0917 5784  [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
18:04:53.0948 5784  AMPPAL - ok
18:04:53.0963 5784  [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
18:04:53.0963 5784  AMPPALP - ok
18:04:54.0073 5784  [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:04:54.0104 5784  AMPPALR3 - ok
18:04:54.0151 5784  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:04:54.0166 5784  AntiVirSchedulerService - ok
18:04:54.0213 5784  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:04:54.0229 5784  AntiVirService - ok
18:04:54.0275 5784  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:04:54.0400 5784  AppID - ok
18:04:54.0416 5784  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:04:54.0463 5784  AppIDSvc - ok
18:04:54.0478 5784  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:04:54.0525 5784  Appinfo - ok
18:04:54.0541 5784  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:04:54.0556 5784  arc - ok
18:04:54.0556 5784  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:04:54.0572 5784  arcsas - ok
18:04:54.0634 5784  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:04:54.0650 5784  ASLDRService - ok
18:04:54.0697 5784  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:04:54.0712 5784  ASMMAP64 - ok
18:04:54.0743 5784  [ 718692FFF22D6AF47EBA0A741A924921 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
18:04:54.0790 5784  asmthub3 - ok
18:04:54.0837 5784  [ BAD70A5AC534C108F680A33C654BC626 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
18:04:54.0868 5784  asmtxhci - ok
18:04:54.0884 5784  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:54.0915 5784  AsyncMac - ok
18:04:54.0962 5784  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:04:54.0977 5784  atapi - ok
18:04:55.0009 5784  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:04:55.0087 5784  athr - ok
18:04:55.0102 5784  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:04:55.0118 5784  ATKGFNEXSrv - ok
18:04:55.0165 5784  [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO_   C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
18:04:55.0180 5784  ATKWMIACPIIO_ - ok
18:04:55.0227 5784  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:04:55.0258 5784  AudioEndpointBuilder - ok
18:04:55.0274 5784  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:04:55.0305 5784  AudioSrv - ok
18:04:55.0336 5784  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:04:55.0352 5784  avgntflt - ok
18:04:55.0399 5784  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:04:55.0414 5784  avipbb - ok
18:04:55.0430 5784  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:04:55.0445 5784  avkmgr - ok
18:04:55.0508 5784  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:04:55.0586 5784  AxInstSV - ok
18:04:55.0617 5784  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:04:55.0679 5784  b06bdrv - ok
18:04:55.0726 5784  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:04:55.0757 5784  b57nd60a - ok
18:04:55.0804 5784  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:04:55.0835 5784  BDESVC - ok
18:04:55.0867 5784  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:04:55.0898 5784  Beep - ok
18:04:55.0945 5784  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:04:56.0007 5784  BFE - ok
18:04:56.0038 5784  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:04:56.0101 5784  BITS - ok
18:04:56.0132 5784  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:04:56.0163 5784  blbdrive - ok
18:04:56.0257 5784  [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:04:56.0272 5784  Bluetooth Device Monitor - ok
18:04:56.0303 5784  [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:04:56.0335 5784  Bluetooth Media Service - ok
18:04:56.0350 5784  [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:04:56.0366 5784  Bluetooth OBEX Service - ok
18:04:56.0397 5784  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:04:56.0428 5784  bowser - ok
18:04:56.0459 5784  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:04:56.0506 5784  BrFiltLo - ok
18:04:56.0522 5784  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:04:56.0537 5784  BrFiltUp - ok
18:04:56.0584 5784  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:04:56.0615 5784  Browser - ok
18:04:56.0662 5784  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:04:56.0709 5784  Brserid - ok
18:04:56.0709 5784  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:04:56.0740 5784  BrSerWdm - ok
18:04:56.0740 5784  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:04:56.0771 5784  BrUsbMdm - ok
18:04:56.0771 5784  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:04:56.0803 5784  BrUsbSer - ok
18:04:56.0849 5784  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:04:57.0005 5784  BthEnum - ok
18:04:57.0037 5784  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:04:57.0052 5784  BTHMODEM - ok
18:04:57.0068 5784  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:04:57.0099 5784  BthPan - ok
18:04:57.0161 5784  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:04:57.0208 5784  BTHPORT - ok
18:04:57.0239 5784  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:04:57.0286 5784  bthserv - ok
18:04:57.0317 5784  [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:04:57.0317 5784  BTHSSecurityMgr - ok
18:04:57.0349 5784  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:04:57.0364 5784  BTHUSB - ok
18:04:57.0411 5784  [ 270FBA230E78E25726D065A924589A72 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
18:04:57.0442 5784  btmaux - ok
18:04:57.0489 5784  [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
18:04:57.0520 5784  btmhsf - ok
18:04:57.0551 5784  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:04:57.0583 5784  cdfs - ok
18:04:57.0614 5784  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:04:57.0645 5784  cdrom - ok
18:04:57.0692 5784  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:04:57.0739 5784  CertPropSvc - ok
18:04:57.0770 5784  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:04:57.0785 5784  circlass - ok
18:04:57.0817 5784  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:04:57.0832 5784  CLFS - ok
18:04:57.0988 5784  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:04:58.0004 5784  CLKMSVC10_38F51D56 - ok
18:04:58.0113 5784  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:58.0113 5784  clr_optimization_v2.0.50727_32 - ok
18:04:58.0175 5784  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:04:58.0175 5784  clr_optimization_v2.0.50727_64 - ok
18:04:58.0269 5784  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:58.0269 5784  clr_optimization_v4.0.30319_32 - ok
18:04:58.0316 5784  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:04:58.0316 5784  clr_optimization_v4.0.30319_64 - ok
18:04:58.0347 5784  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:58.0378 5784  CmBatt - ok
18:04:58.0394 5784  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:04:58.0394 5784  cmdide - ok
18:04:58.0456 5784  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:04:58.0487 5784  CNG - ok
18:04:58.0519 5784  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:04:58.0519 5784  Compbatt - ok
18:04:58.0534 5784  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:04:58.0565 5784  CompositeBus - ok
18:04:58.0597 5784  COMSysApp - ok
18:04:58.0597 5784  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:04:58.0612 5784  crcdisk - ok
18:04:58.0628 5784  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:04:58.0659 5784  CryptSvc - ok
18:04:58.0690 5784  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:04:58.0737 5784  DcomLaunch - ok
18:04:58.0768 5784  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:04:58.0799 5784  defragsvc - ok
18:04:58.0831 5784  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:04:58.0862 5784  DfsC - ok
18:04:58.0893 5784  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:04:58.0924 5784  Dhcp - ok
18:04:58.0940 5784  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:04:58.0987 5784  discache - ok
18:04:59.0033 5784  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:04:59.0049 5784  Disk - ok
18:04:59.0065 5784  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:04:59.0111 5784  Dnscache - ok
18:04:59.0143 5784  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:04:59.0189 5784  dot3svc - ok
18:04:59.0205 5784  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:04:59.0252 5784  DPS - ok
18:04:59.0283 5784  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:04:59.0330 5784  drmkaud - ok
18:04:59.0361 5784  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:04:59.0377 5784  DXGKrnl - ok
18:04:59.0392 5784  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:04:59.0423 5784  EapHost - ok
18:04:59.0486 5784  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:04:59.0595 5784  ebdrv - ok
18:04:59.0626 5784  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:04:59.0673 5784  EFS - ok
18:04:59.0720 5784  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:04:59.0735 5784  elxstor - ok
18:04:59.0751 5784  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:04:59.0767 5784  ErrDev - ok
18:04:59.0798 5784  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:04:59.0829 5784  EventSystem - ok
18:04:59.0938 5784  [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:04:59.0985 5784  EvtEng - ok
18:05:00.0032 5784  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
18:05:00.0079 5784  ew_hwusbdev - ok
18:05:00.0094 5784  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:05:00.0125 5784  exfat - ok
18:05:00.0141 5784  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:05:00.0188 5784  fastfat - ok
18:05:00.0235 5784  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:05:00.0297 5784  Fax - ok
18:05:00.0313 5784  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:05:00.0328 5784  fdc - ok
18:05:00.0344 5784  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:05:00.0375 5784  fdPHost - ok
18:05:00.0391 5784  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:05:00.0437 5784  FDResPub - ok
18:05:00.0469 5784  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:05:00.0484 5784  FileInfo - ok
18:05:00.0500 5784  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:05:00.0547 5784  Filetrace - ok
18:05:00.0578 5784  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:05:00.0578 5784  flpydisk - ok
18:05:00.0593 5784  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:05:00.0609 5784  FltMgr - ok
18:05:00.0656 5784  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:05:00.0718 5784  FontCache - ok
18:05:00.0765 5784  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:00.0781 5784  FontCache3.0.0.0 - ok
18:05:00.0796 5784  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:05:00.0812 5784  FsDepends - ok
18:05:00.0827 5784  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:05:00.0827 5784  Fs_Rec - ok
18:05:00.0859 5784  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:05:00.0874 5784  fvevol - ok
18:05:00.0890 5784  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:05:00.0905 5784  gagp30kx - ok
18:05:00.0937 5784  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:05:00.0983 5784  gpsvc - ok
18:05:00.0999 5784  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:05:01.0015 5784  hcw85cir - ok
18:05:01.0030 5784  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:01.0061 5784  HdAudAddService - ok
18:05:01.0093 5784  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:05:01.0124 5784  HDAudBus - ok
18:05:01.0124 5784  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:05:01.0171 5784  HidBatt - ok
18:05:01.0202 5784  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:05:01.0217 5784  HidBth - ok
18:05:01.0233 5784  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:05:01.0233 5784  HidIr - ok
18:05:01.0264 5784  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:05:01.0295 5784  hidserv - ok
18:05:01.0327 5784  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:05:01.0342 5784  HidUsb - ok
18:05:01.0358 5784  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:05:01.0405 5784  hkmsvc - ok
18:05:01.0436 5784  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:01.0498 5784  HomeGroupListener - ok
18:05:01.0514 5784  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:01.0529 5784  HomeGroupProvider - ok
18:05:01.0561 5784  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:05:01.0576 5784  HpSAMD - ok
18:05:01.0592 5784  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:05:01.0654 5784  HTTP - ok
18:05:01.0685 5784  [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:05:01.0701 5784  hwdatacard - ok
18:05:01.0732 5784  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:05:01.0732 5784  hwpolicy - ok
18:05:01.0763 5784  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:05:01.0779 5784  i8042prt - ok
18:05:01.0826 5784  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:05:01.0841 5784  iaStor - ok
18:05:01.0873 5784  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:05:01.0888 5784  iaStorV - ok
18:05:01.0904 5784  [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:05:01.0919 5784  iBtFltCoex - ok
18:05:01.0982 5784  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:01.0997 5784  idsvc - ok
18:05:02.0200 5784  [ 174BCAC474DE13B2650E444CF124828E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:05:02.0528 5784  igfx - ok
18:05:02.0559 5784  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:05:02.0559 5784  iirsp - ok
18:05:02.0606 5784  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:05:02.0637 5784  IKEEXT - ok
18:05:02.0668 5784  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:05:02.0684 5784  intaud_WaveExtensible - ok
18:05:02.0777 5784  [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:05:02.0871 5784  IntcAzAudAddService - ok
18:05:02.0902 5784  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:05:02.0902 5784  intelide - ok
18:05:02.0933 5784  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:05:02.0965 5784  intelppm - ok
18:05:02.0980 5784  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:05:03.0027 5784  IPBusEnum - ok
18:05:03.0043 5784  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:03.0089 5784  IpFilterDriver - ok
18:05:03.0121 5784  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:05:03.0152 5784  iphlpsvc - ok
18:05:03.0183 5784  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:05:03.0214 5784  IPMIDRV - ok
18:05:03.0214 5784  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:05:03.0261 5784  IPNAT - ok
18:05:03.0292 5784  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:05:03.0339 5784  IRENUM - ok
18:05:03.0355 5784  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:05:03.0355 5784  isapnp - ok
18:05:03.0386 5784  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:05:03.0401 5784  iScsiPrt - ok
18:05:03.0433 5784  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
18:05:03.0448 5784  iwdbus - ok
18:05:03.0479 5784  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:05:03.0479 5784  kbdclass - ok
18:05:03.0511 5784  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:05:03.0542 5784  kbdhid - ok
18:05:03.0573 5784  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
18:05:03.0589 5784  kbfiltr - ok
18:05:03.0589 5784  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:05:03.0604 5784  KeyIso - ok
18:05:03.0620 5784  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:05:03.0635 5784  KSecDD - ok
18:05:03.0651 5784  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:05:03.0667 5784  KSecPkg - ok
18:05:03.0682 5784  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:05:03.0713 5784  ksthunk - ok
18:05:03.0745 5784  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:05:03.0791 5784  KtmRm - ok
18:05:03.0807 5784  [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:05:03.0823 5784  L1C - ok
18:05:03.0869 5784  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:05:03.0916 5784  LanmanServer - ok
18:05:03.0916 5784  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:03.0963 5784  LanmanWorkstation - ok
18:05:04.0088 5784  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:05:04.0103 5784  LBTServ - ok
18:05:04.0135 5784  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:05:04.0150 5784  LHidFilt - ok
18:05:04.0166 5784  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:05:04.0197 5784  lltdio - ok
18:05:04.0228 5784  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:05:04.0275 5784  lltdsvc - ok
18:05:04.0306 5784  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:05:04.0322 5784  lmhosts - ok
18:05:04.0369 5784  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:05:04.0369 5784  LMouFilt - ok
18:05:04.0415 5784  [ 0803906D607A9B83184447B75B60ECC2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:05:04.0431 5784  LMS - ok
18:05:04.0478 5784  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:05:04.0493 5784  LSI_FC - ok
18:05:04.0509 5784  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:05:04.0509 5784  LSI_SAS - ok
18:05:04.0525 5784  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:05:04.0540 5784  LSI_SAS2 - ok
18:05:04.0556 5784  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:05:04.0556 5784  LSI_SCSI - ok
18:05:04.0587 5784  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:05:04.0634 5784  luafv - ok
18:05:04.0665 5784  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:05:04.0665 5784  megasas - ok
18:05:04.0696 5784  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:05:04.0712 5784  MegaSR - ok
18:05:04.0727 5784  [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:05:04.0743 5784  MEIx64 - ok
18:05:04.0759 5784  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:05:04.0805 5784  MMCSS - ok
18:05:04.0805 5784  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:05:04.0852 5784  Modem - ok
18:05:04.0883 5784  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:05:04.0915 5784  monitor - ok
18:05:04.0930 5784  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:05:04.0946 5784  mouclass - ok
18:05:04.0961 5784  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:05:04.0977 5784  mouhid - ok
18:05:04.0993 5784  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:05:05.0008 5784  mountmgr - ok
18:05:05.0055 5784  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:05:05.0055 5784  MozillaMaintenance - ok
18:05:05.0071 5784  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:05:05.0086 5784  mpio - ok
18:05:05.0117 5784  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:05:05.0149 5784  mpsdrv - ok
18:05:05.0180 5784  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:05:05.0227 5784  MpsSvc - ok
18:05:05.0227 5784  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:05:05.0258 5784  MRxDAV - ok
18:05:05.0273 5784  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:05.0320 5784  mrxsmb - ok
18:05:05.0336 5784  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:05.0351 5784  mrxsmb10 - ok
18:05:05.0367 5784  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:05.0383 5784  mrxsmb20 - ok
18:05:05.0414 5784  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:05:05.0429 5784  msahci - ok
18:05:05.0445 5784  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:05:05.0445 5784  msdsm - ok
18:05:05.0461 5784  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:05:05.0492 5784  MSDTC - ok
18:05:05.0507 5784  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:05:05.0539 5784  Msfs - ok
18:05:05.0554 5784  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:05:05.0601 5784  mshidkmdf - ok
18:05:05.0617 5784  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:05:05.0617 5784  msisadrv - ok
18:05:05.0648 5784  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:05:05.0679 5784  MSiSCSI - ok
18:05:05.0695 5784  msiserver - ok
18:05:05.0710 5784  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:05:05.0741 5784  MSKSSRV - ok
18:05:05.0757 5784  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:05.0788 5784  MSPCLOCK - ok
18:05:05.0804 5784  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:05:05.0835 5784  MSPQM - ok
18:05:05.0866 5784  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:05:05.0882 5784  MsRPC - ok
18:05:05.0897 5784  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:05:05.0897 5784  mssmbios - ok
18:05:05.0913 5784  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:05:05.0960 5784  MSTEE - ok
18:05:05.0975 5784  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:05:05.0991 5784  MTConfig - ok
18:05:06.0007 5784  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:05:06.0007 5784  Mup - ok
18:05:06.0053 5784  [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:05:06.0069 5784  MyWiFiDHCPDNS - ok
18:05:06.0100 5784  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:05:06.0131 5784  napagent - ok
18:05:06.0147 5784  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:05:06.0178 5784  NativeWifiP - ok
18:05:06.0225 5784  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:05:06.0241 5784  NDIS - ok
18:05:06.0272 5784  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:06.0287 5784  NdisCap - ok
18:05:06.0319 5784  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:06.0334 5784  NdisTapi - ok
18:05:06.0350 5784  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:06.0397 5784  Ndisuio - ok
18:05:06.0412 5784  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:06.0443 5784  NdisWan - ok
18:05:06.0443 5784  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:05:06.0490 5784  NDProxy - ok
18:05:06.0506 5784  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:05:06.0537 5784  NetBIOS - ok
18:05:06.0553 5784  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:05:06.0584 5784  NetBT - ok
18:05:06.0615 5784  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:05:06.0615 5784  Netlogon - ok
18:05:06.0677 5784  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:05:06.0724 5784  Netman - ok
18:05:06.0740 5784  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:05:06.0802 5784  netprofm - ok
18:05:06.0833 5784  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:06.0833 5784  NetTcpPortSharing - ok
18:05:07.0005 5784  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
18:05:07.0208 5784  NETwNs64 - ok
18:05:07.0239 5784  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:05:07.0239 5784  nfrd960 - ok
18:05:07.0286 5784  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:05:07.0333 5784  NlaSvc - ok
18:05:07.0348 5784  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:05:07.0364 5784  Npfs - ok
18:05:07.0379 5784  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:05:07.0426 5784  nsi - ok
18:05:07.0442 5784  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:05:07.0473 5784  nsiproxy - ok
18:05:07.0520 5784  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:05:07.0598 5784  Ntfs - ok
18:05:07.0613 5784  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:05:07.0660 5784  Null - ok
18:05:07.0707 5784  [ 03E423DCAC06B7E9DC051DEE8ABEB47D ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
18:05:07.0738 5784  nvkflt - ok
18:05:07.0972 5784  [ 79060E6631DC2C91DA8E601E2584A623 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:08.0284 5784  nvlddmkm - ok
18:05:08.0347 5784  [ B621AE777F899CC849C896839690BE76 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
18:05:08.0362 5784  nvpciflt - ok
18:05:08.0409 5784  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:05:08.0409 5784  nvraid - ok
18:05:08.0425 5784  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:05:08.0425 5784  nvstor - ok
18:05:08.0487 5784  [ BDBC8E51FF2F3B800FF7B90DCDA31B48 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:05:08.0518 5784  NVSvc - ok
18:05:08.0596 5784  [ 55F03866A969A50CD1574B0F61ACEC1D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:05:08.0627 5784  nvUpdatusService - ok
18:05:08.0659 5784  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:05:08.0674 5784  nv_agp - ok
18:05:08.0690 5784  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:05:08.0705 5784  ohci1394 - ok
18:05:08.0737 5784  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:05:08.0768 5784  p2pimsvc - ok
18:05:08.0783 5784  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:05:08.0815 5784  p2psvc - ok
18:05:08.0846 5784  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
18:05:08.0861 5784  Parport - ok
18:05:08.0877 5784  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:05:08.0893 5784  partmgr - ok
18:05:08.0908 5784  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:05:08.0924 5784  PcaSvc - ok
18:05:08.0955 5784  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:05:08.0955 5784  pci - ok
18:05:08.0971 5784  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:05:08.0986 5784  pciide - ok
18:05:09.0002 5784  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:05:09.0002 5784  pcmcia - ok
18:05:09.0017 5784  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:05:09.0033 5784  pcw - ok
18:05:09.0049 5784  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:05:09.0095 5784  PEAUTH - ok
18:05:09.0158 5784  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:05:09.0189 5784  PerfHost - ok
18:05:09.0236 5784  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:05:09.0298 5784  pla - ok
18:05:09.0329 5784  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:05:09.0376 5784  PlugPlay - ok
18:05:09.0392 5784  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:05:09.0407 5784  PNRPAutoReg - ok
18:05:09.0439 5784  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:05:09.0439 5784  PNRPsvc - ok
18:05:09.0485 5784  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:05:09.0517 5784  PolicyAgent - ok
18:05:09.0563 5784  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:05:09.0595 5784  Power - ok
18:05:09.0626 5784  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:05:09.0657 5784  PptpMiniport - ok
18:05:09.0673 5784  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:05:09.0704 5784  Processor - ok
18:05:09.0735 5784  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:05:09.0766 5784  ProfSvc - ok
18:05:09.0766 5784  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:09.0782 5784  ProtectedStorage - ok
18:05:09.0797 5784  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:05:09.0813 5784  Psched - ok
18:05:09.0875 5784  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:05:09.0938 5784  ql2300 - ok
18:05:09.0953 5784  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:05:09.0953 5784  ql40xx - ok
18:05:09.0985 5784  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:05:10.0000 5784  QWAVE - ok
18:05:10.0016 5784  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:05:10.0047 5784  QWAVEdrv - ok
18:05:10.0047 5784  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:05:10.0078 5784  RasAcd - ok
18:05:10.0109 5784  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:10.0141 5784  RasAgileVpn - ok
18:05:10.0156 5784  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:05:10.0203 5784  RasAuto - ok
18:05:10.0219 5784  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:10.0250 5784  Rasl2tp - ok
18:05:10.0281 5784  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:05:10.0312 5784  RasMan - ok
18:05:10.0328 5784  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:10.0359 5784  RasPppoe - ok
18:05:10.0375 5784  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:05:10.0437 5784  RasSstp - ok
18:05:10.0453 5784  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:05:10.0499 5784  rdbss - ok
18:05:10.0531 5784  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:05:10.0546 5784  rdpbus - ok
18:05:10.0577 5784  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:10.0609 5784  RDPCDD - ok
18:05:10.0624 5784  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:05:10.0655 5784  RDPENCDD - ok
18:05:10.0687 5784  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:05:10.0733 5784  RDPREFMP - ok
18:05:10.0765 5784  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:05:10.0811 5784  RDPWD - ok
18:05:10.0843 5784  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:05:10.0843 5784  rdyboost - ok
18:05:10.0921 5784  [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:05:10.0936 5784  RegSrvc - ok
18:05:10.0952 5784  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:05:10.0999 5784  RemoteAccess - ok
18:05:11.0014 5784  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:05:11.0061 5784  RemoteRegistry - ok
18:05:11.0108 5784  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:05:11.0123 5784  RFCOMM - ok
18:05:11.0217 5784  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:05:11.0217 5784  RichVideo - ok
18:05:11.0248 5784  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:05:11.0295 5784  RpcEptMapper - ok
18:05:11.0295 5784  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:05:11.0311 5784  RpcLocator - ok
18:05:11.0342 5784  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:05:11.0357 5784  RpcSs - ok
18:05:11.0389 5784  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:05:11.0420 5784  rspndr - ok
18:05:11.0435 5784  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:05:11.0451 5784  SamSs - ok
18:05:11.0467 5784  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:05:11.0467 5784  sbp2port - ok
18:05:11.0498 5784  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:05:11.0529 5784  SCardSvr - ok
18:05:11.0545 5784  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:05:11.0576 5784  scfilter - ok
18:05:11.0607 5784  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:05:11.0654 5784  Schedule - ok
18:05:11.0669 5784  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:05:11.0701 5784  SCPolicySvc - ok
18:05:11.0716 5784  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:05:11.0747 5784  SDRSVC - ok
18:05:11.0779 5784  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:05:11.0810 5784  secdrv - ok
18:05:11.0825 5784  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:05:11.0857 5784  seclogon - ok
18:05:11.0888 5784  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:05:11.0919 5784  SENS - ok
18:05:11.0935 5784  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:05:11.0950 5784  SensrSvc - ok
18:05:11.0966 5784  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:05:11.0997 5784  Serenum - ok
18:05:12.0028 5784  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
18:05:12.0044 5784  Serial - ok
18:05:12.0075 5784  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:05:12.0091 5784  sermouse - ok
18:05:12.0122 5784  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:05:12.0169 5784  SessionEnv - ok
18:05:12.0169 5784  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:05:12.0184 5784  sffdisk - ok
18:05:12.0200 5784  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:05:12.0231 5784  sffp_mmc - ok
18:05:12.0231 5784  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:05:12.0247 5784  sffp_sd - ok
18:05:12.0247 5784  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:05:12.0262 5784  sfloppy - ok
18:05:12.0278 5784  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:05:12.0325 5784  SharedAccess - ok
18:05:12.0340 5784  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:12.0387 5784  ShellHWDetection - ok
18:05:12.0418 5784  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
18:05:12.0449 5784  SiSGbeLH - ok
18:05:12.0465 5784  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:05:12.0465 5784  SiSRaid2 - ok
18:05:12.0481 5784  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:05:12.0481 5784  SiSRaid4 - ok
18:05:12.0481 5784  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:05:12.0527 5784  Smb - ok
18:05:12.0559 5784  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:05:12.0590 5784  SNMPTRAP - ok
18:05:12.0605 5784  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:05:12.0605 5784  spldr - ok
18:05:12.0637 5784  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:05:12.0668 5784  Spooler - ok
18:05:12.0730 5784  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:05:12.0839 5784  sppsvc - ok
18:05:12.0855 5784  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:05:12.0886 5784  sppuinotify - ok
18:05:12.0917 5784  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:05:12.0980 5784  srv - ok
18:05:12.0995 5784  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:05:13.0011 5784  srv2 - ok
18:05:13.0027 5784  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:05:13.0042 5784  srvnet - ok
18:05:13.0073 5784  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:05:13.0120 5784  SSDPSRV - ok
18:05:13.0136 5784  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:05:13.0183 5784  SstpSvc - ok
18:05:13.0245 5784  Steam Client Service - ok
18:05:13.0339 5784  [ 4A566EB1ABCD229B3F8D67F3C4224897 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:05:13.0354 5784  Stereo Service - ok
18:05:13.0385 5784  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:05:13.0385 5784  stexstor - ok
18:05:13.0432 5784  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:05:13.0463 5784  stisvc - ok
18:05:13.0479 5784  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:05:13.0479 5784  swenum - ok
18:05:13.0510 5784  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:05:13.0541 5784  swprv - ok
18:05:13.0619 5784  [ 7E8902F9929A5D9FFD0F545332CE0F10 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:05:13.0666 5784  SynTP - ok
18:05:13.0713 5784  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:05:13.0760 5784  SysMain - ok
18:05:13.0775 5784  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:13.0791 5784  TabletInputService - ok
18:05:13.0807 5784  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:05:13.0853 5784  TapiSrv - ok
18:05:13.0869 5784  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:05:13.0900 5784  TBS - ok
18:05:13.0963 5784  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:05:14.0009 5784  Tcpip - ok
18:05:14.0056 5784  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:05:14.0072 5784  TCPIP6 - ok
18:05:14.0103 5784  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:05:14.0134 5784  tcpipreg - ok
18:05:14.0165 5784  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:05:14.0197 5784  TDPIPE - ok
18:05:14.0228 5784  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:05:14.0243 5784  TDTCP - ok
18:05:14.0259 5784  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:05:14.0306 5784  tdx - ok
18:05:14.0321 5784  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:05:14.0337 5784  TermDD - ok
18:05:14.0368 5784  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:05:14.0399 5784  TermService - ok
18:05:14.0415 5784  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:05:14.0431 5784  Themes - ok
18:05:14.0446 5784  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:05:14.0462 5784  THREADORDER - ok
18:05:14.0477 5784  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:05:14.0509 5784  TrkWks - ok
18:05:14.0571 5784  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:14.0602 5784  TrustedInstaller - ok
18:05:14.0633 5784  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:14.0665 5784  tssecsrv - ok
18:05:14.0680 5784  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:05:14.0711 5784  TsUsbFlt - ok
18:05:14.0711 5784  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:05:14.0711 5784  TsUsbGD - ok
18:05:14.0743 5784  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:05:14.0774 5784  tunnel - ok
18:05:14.0789 5784  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
18:05:14.0805 5784  TurboB - ok
18:05:14.0836 5784  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:05:14.0836 5784  TurboBoost - ok
18:05:14.0852 5784  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:05:14.0852 5784  uagp35 - ok
18:05:14.0867 5784  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:05:14.0899 5784  udfs - ok
18:05:14.0914 5784  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:05:14.0945 5784  UI0Detect - ok
18:05:14.0961 5784  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:05:14.0977 5784  uliagpkx - ok
18:05:14.0977 5784  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:05:15.0008 5784  umbus - ok
18:05:15.0023 5784  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:05:15.0039 5784  UmPass - ok
18:05:15.0117 5784  [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:05:15.0211 5784  UNS - ok
18:05:15.0226 5784  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:05:15.0273 5784  upnphost - ok
18:05:15.0304 5784  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:15.0335 5784  usbccgp - ok
18:05:15.0351 5784  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:05:15.0382 5784  usbcir - ok
18:05:15.0398 5784  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:05:15.0429 5784  usbehci - ok
18:05:15.0445 5784  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:05:15.0476 5784  usbhub - ok
18:05:15.0491 5784  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:05:15.0507 5784  usbohci - ok
18:05:15.0523 5784  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:05:15.0554 5784  usbprint - ok
18:05:15.0569 5784  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:15.0616 5784  USBSTOR - ok
18:05:15.0632 5784  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:05:15.0647 5784  usbuhci - ok
18:05:15.0694 5784  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:05:15.0725 5784  usbvideo - ok
18:05:15.0741 5784  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:05:15.0772 5784  UxSms - ok
18:05:15.0772 5784  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:05:15.0788 5784  VaultSvc - ok
18:05:15.0803 5784  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:05:15.0803 5784  vdrvroot - ok
18:05:15.0819 5784  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:05:15.0866 5784  vds - ok
18:05:15.0897 5784  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:15.0897 5784  vga - ok
18:05:15.0913 5784  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:05:15.0944 5784  VgaSave - ok
18:05:15.0959 5784  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:05:15.0975 5784  vhdmp - ok
18:05:15.0975 5784  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:05:15.0975 5784  viaide - ok
18:05:16.0006 5784  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:05:16.0022 5784  volmgr - ok
18:05:16.0037 5784  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:05:16.0053 5784  volmgrx - ok
18:05:16.0069 5784  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:05:16.0069 5784  volsnap - ok
18:05:16.0100 5784  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:05:16.0100 5784  vsmraid - ok
18:05:16.0147 5784  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:05:16.0240 5784  VSS - ok
18:05:16.0256 5784  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:05:16.0271 5784  vwifibus - ok
18:05:16.0287 5784  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:05:16.0303 5784  vwififlt - ok
18:05:16.0349 5784  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:05:16.0365 5784  vwifimp - ok
18:05:16.0396 5784  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:05:16.0427 5784  W32Time - ok
18:05:16.0443 5784  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:05:16.0474 5784  WacomPen - ok
18:05:16.0490 5784  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0521 5784  WANARP - ok
18:05:16.0521 5784  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0552 5784  Wanarpv6 - ok
18:05:16.0583 5784  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:05:16.0677 5784  wbengine - ok
18:05:16.0693 5784  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:05:16.0708 5784  WbioSrvc - ok
18:05:16.0739 5784  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:05:16.0771 5784  wcncsvc - ok
18:05:16.0786 5784  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:16.0817 5784  WcsPlugInService - ok
18:05:16.0849 5784  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:05:16.0864 5784  Wd - ok
18:05:16.0880 5784  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:05:16.0895 5784  Wdf01000 - ok
18:05:16.0927 5784  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:05:17.0005 5784  WdiServiceHost - ok
18:05:17.0005 5784  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:05:17.0020 5784  WdiSystemHost - ok
18:05:17.0036 5784  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:05:17.0051 5784  WebClient - ok
18:05:17.0067 5784  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:05:17.0114 5784  Wecsvc - ok
18:05:17.0129 5784  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:05:17.0176 5784  wercplsupport - ok
18:05:17.0192 5784  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:05:17.0223 5784  WerSvc - ok
18:05:17.0239 5784  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:17.0270 5784  WfpLwf - ok
18:05:17.0317 5784  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
18:05:17.0317 5784  WimFltr - ok
18:05:17.0348 5784  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:05:17.0348 5784  WIMMount - ok
18:05:17.0363 5784  WinDefend - ok
18:05:17.0379 5784  WinHttpAutoProxySvc - ok
18:05:17.0426 5784  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:05:17.0473 5784  Winmgmt - ok
18:05:17.0535 5784  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:05:17.0629 5784  WinRM - ok
18:05:17.0675 5784  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:05:17.0707 5784  Wlansvc - ok
18:05:17.0738 5784  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:05:17.0753 5784  WmiAcpi - ok
18:05:17.0769 5784  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:05:17.0785 5784  wmiApSrv - ok
18:05:17.0831 5784  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:05:17.0847 5784  WPCSvc - ok
18:05:17.0863 5784  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:05:17.0894 5784  WPDBusEnum - ok
18:05:17.0925 5784  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:05:17.0956 5784  ws2ifsl - ok
18:05:17.0987 5784  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:05:18.0003 5784  wscsvc - ok
18:05:18.0003 5784  WSearch - ok
18:05:18.0065 5784  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:05:18.0128 5784  wuauserv - ok
18:05:18.0143 5784  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:05:18.0175 5784  WudfPf - ok
18:05:18.0237 5784  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:18.0268 5784  WUDFRd - ok
18:05:18.0299 5784  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:05:18.0315 5784  wudfsvc - ok
18:05:18.0346 5784  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:05:18.0362 5784  WwanSvc - ok
18:05:18.0440 5784  X6va001 - ok
18:05:18.0455 5784  ================ Scan global ===============================
18:05:18.0471 5784  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:05:18.0518 5784  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:05:18.0518 5784  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:05:18.0533 5784  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:05:18.0549 5784  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:05:18.0565 5784  [Global] - ok
18:05:18.0565 5784  ================ Scan MBR ==================================
18:05:18.0565 5784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:05:19.0064 5784  \Device\Harddisk0\DR0 - ok
18:05:19.0064 5784  ================ Scan VBR ==================================
18:05:19.0064 5784  [ 33047DF1A8DBAF404F77E82927AEC3D7 ] \Device\Harddisk0\DR0\Partition1
18:05:19.0079 5784  \Device\Harddisk0\DR0\Partition1 - ok
18:05:19.0095 5784  [ A33915385848C12938F2FD13ED959F95 ] \Device\Harddisk0\DR0\Partition2
18:05:19.0095 5784  \Device\Harddisk0\DR0\Partition2 - ok
18:05:19.0095 5784  ============================================================
18:05:19.0095 5784  Scan finished
18:05:19.0095 5784  ============================================================
18:05:19.0111 5332  Detected object count: 0
18:05:19.0111 5332  Actual detected object count: 0
         
sieht für mich Laien ja ganz gut aus^^.

mfg

Basti

Antwort

Themen zu TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess
antivir, avg, avira, bho, entfernen, error, fehler, firefox, flash player, focus, format, gfnexsrv.exe, home, homepage, iexplore.exe, install.exe, logfile, monitor, netzwerk, nvidia update, nvpciflt.sys, port, programm, realtek, registry, rootkitaccess, rundll, software, svchost.exe, teamspeak, udp, usb 3.0, wscript.exe



Ähnliche Themen: TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess


  1. PUA/Somoto.Gen2- C:\Users\*\AppData\Local\Microsoft\Windows\INetCache\IE\JR8ICEBF\setup[1]
    Log-Analyse und Auswertung - 23.03.2015 (7)
  2. Windows 7: Trojaner z.B. in C:\Users\Admin\AppData\Local
    Log-Analyse und Auswertung - 14.02.2015 (20)
  3. C:\Users\****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (39)
  4. C:\Users\*****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (3)
  5. TR/Sirefef.P.1506 in C:\Users\Roos\AppData\Local\Temp\wpbt0.dll
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (6)
  6. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  7. C:/Users/User/AppData/Local/Temp/i4jdel0.exe
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  8. C:\Users\Name\AppData\Local\Temp\g7i0ol_kaz.exe, was ist das??
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (15)
  9. TR/Sirefef.P.308 in C:\Users\*\AppData\Local\Temp\msimg32.dll
    Log-Analyse und Auswertung - 15.06.2012 (12)
  10. c:\users\***\appdata\local\temp\vcplt.dll
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (21)
  11. C:\Users\***\AppData\Local\Temp!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (1)
  12. TR/Sirefef.A.31 in C:\Users\***\AppData\Local\Temp\06263bf.cpl und weitere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (13)
  13. C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll
    Log-Analyse und Auswertung - 06.05.2011 (23)
  14. C:/Users/Appdata/Local/Temp/WAB.log
    Log-Analyse und Auswertung - 21.04.2011 (3)
  15. TR/FraudPack.kvb.76 in C:\Users\***\AppData\Local\Temp\Fj0.exe
    Plagegeister aller Art und deren Bekämpfung - 31.12.2010 (4)
  16. XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (10)
  17. BDS/Bredavi.azd in C:\Users\****\AppData\Local\Temp\****.exe
    Plagegeister aller Art und deren Bekämpfung - 29.11.2009 (8)

Zum Thema TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess - Hallo ihr Engel Vorab schonmal danke, dass es euch gibt, auch wenn ich vlt am Ende dumm dasteh, konnte ich es dank euch wenigstens probieren und weiß, dass ich nicht - TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess...
Archiv
Du betrachtest: TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.