
Log analysis and evaluation: multiple infection: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.08.2012, 13:19   #1
Chesser
 



Hello!

First of all, high praise for this well-structured and helpful forum, and thumbs up to the people who take care of other people's problems here every day! Hopefully someone can help me too. Thanks in advance!

A few days ago I noticed a virus infection. It was the virus TR/ATRAPS.Gen2. A bank account spying virus. Since I don't do online banking anyway, I didn't panic right away but told myself, "I'll take care of it in the next few days." What I then noticed, however, was that Avira AntiVir always crashed after the scan. Later a second and a third one appeared, and yesterday evening I found that the firewall was deactivated and can no longer be activated. So right now I am very worried about my laptop.
So far the following viruses have been reported.
TR/ATRAPS.Gen2
TR/Sirefef.16896
BDS/ZeroAccess.* (I no longer remember the suffix)
Firewall off.

The suggested steps now follow.


Extras.Txt
OTL Extras logfile created on: 8/26/2012 1:31:01 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free
8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}" = ATI Catalyst Install Manager
"{5F0C3F07-B6EF-C641-C4BD-7E202A194121}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03998AF6-3578-A45F-7653-2C6FF60CF2C1}" = Zoosk Messenger
"{0824E481-EB8E-A53B-5CA6-6EC82B29240F}" = CCC Help Russian
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13581A3D-28FF-4DDC-0E6D-E585F4E432AE}" = CCC Help Korean
"{1A786741-2D69-38F8-25A0-87D483FF893F}" = CCC Help French
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{35BEFF48-53E9-C955-5D24-D9F207C82954}" = CCC Help Portuguese
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43923CFF-E3EF-EC15-8F7A-D50F11AC8E38}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{552636E5-1274-9229-10A6-EE56638524D3}" = CCC Help German
"{5A186C42-F699-1207-7D8B-034120FBEFD4}" = CCC Help Dutch
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{724015FC-1175-CE89-667E-5C715EEB5052}" = CCC Help Italian
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78704F80-9845-BA22-DD52-DF1F88D8C8E8}" = CCC Help Czech
"{78CDB125-7541-33BA-11E0-55CF7346FD9D}" = CCC Help Chinese Standard
"{7A4A6C58-C772-DEB7-ADE5-7AA3D8393FDA}" = CCC Help English
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F6ED92F-459D-E40B-BD80-B87B3E852C0A}" = Catalyst Control Center Graphics Previews Vista
"{80E91367-66B4-9D48-D78E-17C3B5AFB83C}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{83C99425-1095-A10F-8622-D949180EFA83}" = CCC Help Norwegian
"{86209DE5-0642-1ADA-3060-0698374B84A1}" = CCC Help Danish
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9091F4E3-6A00-562A-DDF6-ECB1704F45B2}" = CCC Help Spanish
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{97635F88-6774-7C96-B872-A4949A4FE06B}" = ccc-core-static
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A3E59DE5-46A8-68FB-7A2E-4507D2B7C1EC}" = Catalyst Control Center Localization All
"{A765D3FB-AE33-FAA0-E725-21E6558D8147}" = CCC Help Finnish
"{A8033DE8-2D2C-8730-5D35-8800C92560DE}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{AEAC0128-8947-0E77-860F-3BD0735F31E5}" = CCC Help Turkish
"{B8D52C7C-9460-7F82-C092-C0197B1138A1}" = CCC Help Swedish
"{BF192C65-04BE-3F5D-632F-51132799CDE0}" = Catalyst Control Center Graphics Full New
"{C50ED22A-B0D3-16D8-BE55-947DA0E6F986}" = CCC Help Thai
"{D0809476-5FF0-7724-27CB-BE73D216624A}" = CCC Help Hungarian
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB5C5CB4-3519-1D95-EF98-0356ABFAFAF8}" = CCC Help Japanese
"{E52C74AA-4E7E-51ED-B738-0D24922BE597}" = Catalyst Control Center Graphics Full Existing
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F71AA0EC-15E4-6F63-3C9C-7E8D8D756EC5}" = CCC Help Chinese Traditional
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE2F63F8-EB6C-493B-954D-DCB29ECAC423}" = ChessBase Reader
"{FEE0F194-7D6C-A7BF-F12E-96ABE64F5132}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =

Error - 8/16/2012 3:25:55 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =

Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =

Error - 8/16/2012 7:10:46 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =

Error - 8/17/2012 8:53:47 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel:
0x4fa05906 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8e2bf220 ID des fehlerhaften Prozesses:
0x1ed4 Startzeit der fehlerhaften Anwendung: 0x01cd7c7754b411a9 Pfad der fehlerhaften
Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 953901f8-e86a-11e1-99b1-e0cb4e0b5c88

Error - 8/19/2012 4:02:11 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel:
0x4f4de709 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0c10c9ba ID des fehlerhaften Prozesses:
0xa20 Startzeit der fehlerhaften Anwendung: 0x01cd7e4471596af6 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c2f32108-ea38-11e1-be5a-e0cb4e0b5c88

Error - 8/19/2012 9:16:24 PM | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =

Error - 8/23/2012 4:10:29 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: Flash64_11_3_300_271.ocx,
Version: 11.3.300.271, Zeitstempel: 0x5026fc1d Ausnahmecode: 0xc0000005 Fehleroffset:
0x0000000000674d95 ID des fehlerhaften Prozesses: 0xfa4 Startzeit der fehlerhaften
Anwendung: 0x01cd81062c98bb75 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_271.ocx
Berichtskennung:
0022433d-ecfa-11e1-b47e-e0cb4e0b5c88

Error - 8/23/2012 7:26:51 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
0x4626b2f4 Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4fa119ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a5ccfde ID des fehlerhaften
Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0x01cd818692af7cca Pfad der
fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{5ED0C29F-92E9-4E39-BEC1-F9F8F2505394}\ICQ7.exe
Pfad
des fehlerhaften Moduls: MoveIt.dll Berichtskennung: 03e8d82f-ed7a-11e1-bcf2-e0cb4e0b5c88

Error - 8/25/2012 7:18:56 PM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1cf4 Startzeit:
01cd8312fae11ad3 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avscan.exe Berichts-ID: 094b8cd2-ef0b-11e1-b8fe-e0cb4e0b5c88

[ Media Center Events ]
Error - 7/6/2012 10:42:52 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:52 - Fehler beim Herstellen der Internetverbindung. 16:42:52
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 10:43:01 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:57 - Fehler beim Herstellen der Internetverbindung. 16:42:57
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 11:43:03 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:03 - Fehler beim Herstellen der Internetverbindung. 17:43:03
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 11:43:11 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:08 - Fehler beim Herstellen der Internetverbindung. 17:43:08
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 12:43:15 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:15 - Fehler beim Herstellen der Internetverbindung. 18:43:15
- Serververbindung konnte nicht hergestellt werden..

Error - 7/6/2012 12:43:26 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:20 - Fehler beim Herstellen der Internetverbindung. 18:43:20
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 8:44:14 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:14 - Fehler beim Herstellen der Internetverbindung. 14:44:14
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 8:44:33 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:20 - Fehler beim Herstellen der Internetverbindung. 14:44:20
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 9:44:38 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:38 - Fehler beim Herstellen der Internetverbindung. 15:44:38
- Serververbindung konnte nicht hergestellt werden..

Error - 7/19/2012 9:44:45 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:44 - Fehler beim Herstellen der Internetverbindung. 15:44:44
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 12:15:19 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 7:01:14 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/25/2012 8:08:34 AM | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/26/2012 7:25:25 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/26/2012 7:25:27 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >



OTL.Txt
OTL logfile created on: 8/26/2012 1:31:01 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free
8.00 Gb Paging File | 5.97 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 22.41 Gb Free Space | 15.03% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.88 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/08/08 21:15:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/02/19 00:33:37 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 01:29:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 01:28:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/11 13:54:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 13:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 13:52:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 13:52:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2007/06/15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/22 04:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/10 03:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2009/06/26 00:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/08/15 06:23:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/02/19 00:32:50 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/26 01:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 20:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landesschachbundbremen.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 00 3A 7C CF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C730FC16-6818-4479-9BE4-4E070FB1B4DB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C730FC16-6818-4479-9BE4-4E070FB1B4DB}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5018 [2011/06/14 20:13:31 | 000,000,000 | ---D | M]

[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/08/17 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/08/17 09:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 21:56:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/19 20:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2011/03/01 23:22:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/16 21:21:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/06/18 05:30:30 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95196CC1-CBD1-443B-9EB8-1FE51AC565EC}: DhcpNameServer = 192.168.2.1 213.191.74.19 62.109.123.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A7C588-07B5-48AB-AB54-A3A379575C5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 01:13:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/23 10:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012/08/20 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2012/08/13 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez
[2012/08/11 03:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012/07/28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SimCity 4
[2012/07/28 19:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 13:34:55 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 13:25:32 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2012/08/26 13:25:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc8fd8f80600f2.job
[2012/08/26 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 13:24:53 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 13:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 13:22:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/26 13:20:40 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/24 15:16:59 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2012/08/22 14:50:04 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/22 02:25:33 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 19:54:02 | 000,017,365 | ---- | M] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:52:33 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/08/14 03:21:02 | 217,122,342 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 22:11:01 | 000,000,595 | ---- | M] () -- C:\Windows\eReg.dat
[2012/08/03 03:22:59 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 13:20:40 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/23 00:50:35 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/08/23 00:07:37 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
[2012/08/20 12:24:24 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
[2012/08/20 03:43:59 | 000,017,365 | ---- | C] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/20 01:03:44 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
[2012/08/14 03:21:02 | 217,122,342 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 19:45:53 | 000,000,595 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/10 22:22:34 | 000,647,168 | ---- | C] () -- C:\Program Files (x86)\tetris.exe
[2012/06/26 13:10:29 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2012/06/26 13:10:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2012/03/15 20:26:34 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/02/28 18:10:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/02/27 04:11:06 | 000,000,082 | ---- | C] () -- C:\Windows\ChssBase.ini
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2011/05/26 18:16:26 | 000,000,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2011/02/19 17:28:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/19 01:12:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/19 00:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/18 21:09:46 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/18 21:09:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/05/11 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015
[2011/06/08 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5016
[2011/06/10 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5017
[2011/06/14 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5018
[2012/05/10 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2011/11/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2012/02/21 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType
[2012/02/28 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011/05/11 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012/06/16 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011/03/01 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/08/11 03:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/06/14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2012/03/05 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2011/06/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef
[2012/07/13 10:20:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


x64-based PC. Gmer was not used.


I hope I haven't forgotten anything. A huge thank-you in advance.

27.08.2012, 07:55   #2
kira
/// Helper team

Hello and welcome!

Unfortunately I have bad news for you: you have caught a nasty little beast:
Quote:
win32.ZAccess
The only advisable course here is to reinstall the system (all other options are nonsense!), because fighting this kind of infection without various side effects and leftover damage, which can keep causing problems [in different ways], is not possible!
- a backdoor with rootkit functionality

This malware uses rootkit technology and a backdoor routine
*what are backdoors and rootkits*

Behaviour:
"memory-resident"

Tips & advice: if you want to back up your data:
- for the data backup to go smoothly, run the following script with OTL, and also run Kaspersky's TDSSKiller tool and Malwarebytes:

Notice:
If you do not recognize these files/folders, fix them with OTL as well (otherwise remove them from the script)!:
Code:
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef
         
1.
Quote:
Attention, important!:
If you made changes to the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything in the code box after "Code"; starting with :OTL and ending with [emptytemp], without "code"!):
Code:
:OTL
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef

:Files
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
C:\Users\***\AppData\Roaming\urhtps.dat
C:\Users\***\AppData\Roaming\5015
C:\Users\***\AppData\Roaming\5016
C:\Users\***\AppData\Roaming\5017
C:\Users\***\AppData\Roaming\5018
C:\Users\***\AppData\Roaming\kock
C:\Users\***\AppData\Roaming\loadtbs
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\xmldm
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requests a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, in code tags.
Quote:
Attention, readers!:
Every single OTL script is tailored individually to the user! These instructions apply only to the computer concerned here. Using them on other machines, or using a "self-made script combination", can cause serious damage!
2.
TDSSKiller by Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished, the tool suggests restarting the system.
    Confirm this with Y(es) if applicable.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.

3.
Download Malwarebytes Anti-Malware from here
  • Install it and start it by double-clicking.
  • Set the language to German and update the databases right away (online update).
  • Choose "Komplett Scan durchführen" (perform full scan) and tick every box.
  • When the scan has finished, click "Zeige Resultate" (show results).
  • Move all detections to quarantine, i.e. do not have them deleted permanently!
  • Post the result here in the thread; you will find the report under "Scan-Berichte" (scan reports).
You can find illustrated instructions here: Instructions

4.
Data backup:
► ONLY back up data that contains no executable files - File extensions - this is a list of file extensions that can denote files with executable code.
- Be careful about making a backup that mixes the files already present in your externally stored data with files that are now infected by the virus.
- Ideally back up everything that is very important to you separately (externally); do not mix it with data you may have backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then install it again on the freshly set-up system!

5.
-> Guide: Reinstalling the system + hardening
-> Guide to reinstalling - Windows XP, Vista and Win7

6.
- Before restoring your data, and before you go straight online with your PC...:
- disable the Autoplay function for all drives -> Switching off Autorun/Autoplay selectively for drive types or drive letters

Thoroughly scan the data backed up to an external hard drive from a clean system, ideally with several scanners -> Free online scanners - Guide
Highly recommended scanners:
Quote:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
The online scanners are all pure on-demand scanners. They scan individual files or directories, or optionally the entire hard disk, and have no background guard or other resident processes. As a result they use no resources apart from disk space, and you can install as many as you like at the same time. The online scanners are well suited to getting a second opinion.

6.
As a precaution I would advise you to change your password,
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (you should really change it at regular intervals, roughly every 3-5 months)
and also here: Secure password (Password)

Regards,
kira
Edited by kira (27.08.2012 at 08:02)
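
The file paths that the script in the post above targets, turned into detection logic over OTL file-listing lines. This is an added example, not part of the original posts and not OTL's own code; the rule names, function names and the choice of the two rules are assumptions, and the sample lines are copied from the log in the first post.

```python
import re
from datetime import datetime

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# The "(company)" group is absent on some lines (e.g. directories) and empty, "()",
# when the file carries no company name in its version information.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
# Rule 1 (assumed name "guid-at-file"): ...\{GUID}\@ or ...\{GUID}\U\<8 hex>.@,
# the shape of the entries listed under :Files in the fix script.
GUID_AT_RE = re.compile(r"\\" + GUID + r"\\(?:U\\[0-9a-f]{8}\.@|@)$", re.I)
# Rule 2 (assumed name "system-exe-no-company"): an .exe directly in
# System32/SysNative whose company field is present but empty.
SYSTEM_EXE_RE = re.compile(
    r"^[a-z]:\\windows\\(?:system32|sysnative)\\[^\\]+\.exe$", re.I
)

# Sample input: lines copied from the OTL log in post #1 (user name masked as ***).
SAMPLE_LOG = r"""
[2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012/08/23 00:50:35 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
"""


def parse_line(line):
    """Return the fields of one file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],          # C = created, M = modified
        "company": m["company"],    # None if no "(...)" group, "" if "()"
        "path": m["path"].strip(),
    }


def triage(log_text):
    """Return (rule, entry) pairs for suspicious lines, oldest timestamp first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, summaries and non-file lines
        if GUID_AT_RE.search(entry["path"]):
            findings.append(("guid-at-file", entry))
        elif entry["company"] == "" and SYSTEM_EXE_RE.match(entry["path"]):
            findings.append(("system-exe-no-company", entry))
    return sorted(findings, key=lambda f: f[1]["ts"])


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(entry["ts"].isoformat(" "), rule, entry["path"], sep=" | ")
```

Sorting by timestamp turns the hits into a rough timeline: the oldest one in the sample carries a creation time of 2012/01/11, which suggests the infection is older than the first antivirus alerts. Both rules are triage hints for a human reviewer, not verdicts.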

27.08.2012, 13:35   #3
Chesser

A big thank-you already for the quick response and the great, clear instructions. I will continue carrying out the steps.
Here is the OTL fix document:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upgrade deleted successfully.
Folder C:\Users\***\AppData\Roaming\Cudylu\ not found.
Folder C:\Users\***\AppData\Roaming\Eruh\ not found.
Folder C:\Users\***\AppData\Roaming\Osebr\ not found.
Folder C:\Users\***\AppData\Roaming\Quexdi\ not found.
Folder C:\Users\***\AppData\Roaming\Uverd\ not found.
Folder C:\Users\***\AppData\Roaming\Yhef\ not found.
========== FILES ==========
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ moved successfully.
File\Folder C:\Users\***\AppData\Local\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ not found.
File\Folder C:\Users\***\AppData\Roaming\urhtps.dat not found.
File\Folder C:\Users\***\AppData\Roaming\5015 not found.
File\Folder C:\Users\***\AppData\Roaming\5016 not found.
File\Folder C:\Users\***\AppData\Roaming\5017 not found.
File\Folder C:\Users\***\AppData\Roaming\5018 not found.
File\Folder C:\Users\***\AppData\Roaming\kock not found.
File\Folder C:\Users\***\AppData\Roaming\loadtbs not found.
File\Folder C:\Users\***\AppData\Roaming\UAs not found.
File\Folder C:\Users\***\AppData\Roaming\xmldm not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***->Temp folder emptied: 1959214261 bytes
->Temporary Internet Files folder emptied: 122633786 bytes
->Java cache emptied: 8613033 bytes
->Google Chrome cache emptied: 23023386 bytes
->Flash cache emptied: 24014047 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1801212464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 160403791 bytes
RecycleBin emptied: 166903930 bytes

Total Files Cleaned = 4,068.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08272012_140827

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\***\AppData\Local\Temp\~DF111F1EB1D06FDE39.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DF7E356481F06C8106.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DF7FF0090F09644FD6.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFB03E5FBCD621A962.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFC2B60D3E525D6CF2.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFD188B82E5E14F7EA.TMP not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5FGTKN3\client[1].htm not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04IJXFJR\banner[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


TDSS-Killer scan result:

Virus.Win64.ZAccess.b
File: Windows/systems32/services.exe
malware object, high risk

Action applied --> Cure

Restarted the computer again; I could not find a TDSS-*.txt file anywhere on my machine. So I scanned once more, this time with no results and no restart prompt. Is the listing in the report field of the program window perhaps what is meant? I'll simply paste the report output here.

14:46:38.0816 2236 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:46:39.0237 2236 ============================================================
14:46:39.0237 2236 Current date / time: 2012/08/27 14:46:39.0237
14:46:39.0237 2236 SystemInfo:
14:46:39.0237 2236
14:46:39.0237 2236 OS Version: 6.1.7601 ServicePack: 1.0
14:46:39.0237 2236 Product type: Workstation
14:46:39.0237 2236 ComputerName: ***-PC
14:46:39.0237 2236 UserName: ***
14:46:39.0237 2236 Windows directory: C:\Windows
14:46:39.0237 2236 System windows directory: C:\Windows
14:46:39.0237 2236 Running under WOW64
14:46:39.0237 2236 Processor architecture: Intel x64
14:46:39.0237 2236 Number of processors: 2
14:46:39.0237 2236 Page size: 0x1000
14:46:39.0237 2236 Boot type: Normal boot
14:46:39.0237 2236 ============================================================
14:46:42.0419 2236 BG loaded
14:46:43.0823 2236 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:46:43.0870 2236 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:46:44.0229 2236 ============================================================
14:46:44.0229 2236 \Device\Harddisk0\DR0:
14:46:44.0260 2236 MBR partitions:
14:46:44.0260 2236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x12A17000
14:46:44.0307 2236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14763000, BlocksNum 0x10CCB000
14:46:44.0307 2236 \Device\Harddisk1\DR1:
14:46:44.0307 2236 MBR partitions:
14:46:44.0307 2236 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
14:46:44.0307 2236 ============================================================
14:46:44.0401 2236 C: <-> \Device\Harddisk0\DR0\Partition1
14:46:44.0557 2236 D: <-> \Device\Harddisk0\DR0\Partition2
14:46:44.0572 2236 F: <-> \Device\Harddisk1\DR1\Partition1
14:46:44.0572 2236 ============================================================
14:46:44.0572 2236 Initialize success
14:46:44.0572 2236 ============================================================
14:52:53.0979 0844 ============================================================
14:52:53.0979 0844 Scan started
14:52:53.0979 0844 Mode: Manual;
14:52:53.0979 0844 ============================================================
14:52:57.0208 0844 ================ Scan system memory ========================
14:52:57.0208 0844 System memory - ok
14:52:57.0208 0844 ================ Scan services =============================
14:52:57.0427 0844 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:52:57.0427 0844 !SASCORE - ok
14:52:57.0739 0844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:52:57.0786 0844 1394ohci - ok
14:52:57.0864 0844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:52:57.0879 0844 ACPI - ok
14:52:57.0910 0844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:52:57.0910 0844 AcpiPmi - ok
14:52:58.0160 0844 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:52:58.0160 0844 AdobeFlashPlayerUpdateSvc - ok
14:52:58.0285 0844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:52:58.0347 0844 adp94xx - ok
14:52:58.0378 0844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:52:58.0394 0844 adpahci - ok
14:52:58.0410 0844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:52:58.0425 0844 adpu320 - ok
14:52:58.0597 0844 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:52:58.0597 0844 ADSMService - ok
14:52:58.0659 0844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:52:58.0659 0844 AeLookupSvc - ok
14:52:58.0753 0844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:52:58.0784 0844 AFD - ok
14:52:58.0831 0844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:52:58.0846 0844 agp440 - ok
14:52:58.0893 0844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:52:58.0893 0844 ALG - ok
14:52:58.0924 0844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:52:58.0940 0844 aliide - ok
14:52:58.0971 0844 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:52:58.0971 0844 AMD External Events Utility - ok
14:52:58.0987 0844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:52:59.0002 0844 amdide - ok
14:52:59.0034 0844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:52:59.0096 0844 AmdK8 - ok
14:52:59.0127 0844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:52:59.0127 0844 AmdPPM - ok
14:52:59.0174 0844 [ 8818A2AB90189B7FF60A24C0847F9A6B ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:52:59.0190 0844 amdsata - ok
14:52:59.0252 0844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:52:59.0283 0844 amdsbs - ok
14:52:59.0299 0844 [ 3C430969F097DEE18D13010D678069CD ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:52:59.0314 0844 amdxata - ok
14:52:59.0439 0844 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:52:59.0455 0844 AntiVirSchedulerService - ok
14:52:59.0533 0844 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:52:59.0533 0844 AntiVirService - ok
14:52:59.0611 0844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:52:59.0658 0844 AppID - ok
14:52:59.0767 0844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:52:59.0767 0844 AppIDSvc - ok
14:52:59.0923 0844 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:52:59.0923 0844 Appinfo - ok
14:53:00.0048 0844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:53:00.0094 0844 arc - ok
14:53:00.0110 0844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:53:00.0126 0844 arcsas - ok
14:53:00.0188 0844 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
14:53:00.0204 0844 AsDsm - ok
14:53:00.0266 0844 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
14:53:00.0282 0844 ASLDRService - ok
14:53:00.0328 0844 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
14:53:00.0344 0844 ASMMAP64 - ok
14:53:00.0391 0844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:53:00.0406 0844 AsyncMac - ok
14:53:00.0453 0844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:53:00.0500 0844 atapi - ok
14:53:00.0703 0844 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:53:00.0718 0844 athr - ok
14:53:01.0030 0844 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:53:01.0124 0844 atikmdag - ok
14:53:01.0218 0844 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:53:01.0233 0844 AtiPcie - ok
14:53:01.0264 0844 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
14:53:01.0264 0844 ATKGFNEXSrv - ok
14:53:01.0327 0844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:53:01.0405 0844 AudioEndpointBuilder - ok
14:53:01.0452 0844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:53:01.0467 0844 AudioSrv - ok
14:53:01.0561 0844 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:53:01.0576 0844 avgntflt - ok
14:53:01.0639 0844 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:53:01.0654 0844 avipbb - ok
14:53:01.0748 0844 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:53:01.0748 0844 avkmgr - ok
14:53:01.0826 0844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:53:01.0857 0844 AxInstSV - ok
14:53:01.0951 0844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:53:02.0013 0844 b06bdrv - ok
14:53:02.0044 0844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:53:02.0076 0844 b57nd60a - ok
14:53:02.0107 0844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:53:02.0138 0844 BDESVC - ok
14:53:02.0154 0844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:53:02.0154 0844 Beep - ok
14:53:02.0200 0844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:53:02.0216 0844 blbdrive - ok
14:53:02.0263 0844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:53:02.0294 0844 bowser - ok
14:53:02.0341 0844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:53:02.0356 0844 BrFiltLo - ok
14:53:02.0388 0844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:53:02.0434 0844 BrFiltUp - ok
14:53:02.0512 0844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:53:02.0512 0844 Browser - ok
14:53:02.0575 0844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:53:02.0637 0844 Brserid - ok
14:53:02.0684 0844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:53:02.0715 0844 BrSerWdm - ok
14:53:02.0746 0844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:53:02.0762 0844 BrUsbMdm - ok
14:53:02.0809 0844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:53:02.0840 0844 BrUsbSer - ok
14:53:02.0887 0844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:53:02.0918 0844 BTHMODEM - ok
14:53:02.0949 0844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:53:02.0965 0844 bthserv - ok
14:53:02.0980 0844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:53:02.0996 0844 cdfs - ok
14:53:03.0058 0844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:53:03.0090 0844 cdrom - ok
14:53:03.0152 0844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:53:03.0168 0844 CertPropSvc - ok
14:53:03.0199 0844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:53:03.0214 0844 circlass - ok
14:53:03.0292 0844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:53:03.0324 0844 CLFS - ok
14:53:03.0370 0844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:53:03.0433 0844 clr_optimization_v2.0.50727_32 - ok
14:53:03.0464 0844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:53:03.0511 0844 clr_optimization_v2.0.50727_64 - ok
14:53:03.0651 0844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:53:03.0979 0844 clr_optimization_v4.0.30319_32 - ok
14:53:04.0041 0844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:53:04.0150 0844 clr_optimization_v4.0.30319_64 - ok
14:53:04.0197 0844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:53:04.0213 0844 CmBatt - ok
14:53:04.0244 0844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:53:04.0260 0844 cmdide - ok
14:53:04.0306 0844 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:53:04.0353 0844 CNG - ok
14:53:04.0400 0844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:53:04.0416 0844 Compbatt - ok
14:53:04.0462 0844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:53:04.0462 0844 CompositeBus - ok
14:53:04.0494 0844 COMSysApp - ok
14:53:04.0525 0844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:53:04.0587 0844 crcdisk - ok
14:53:04.0712 0844 [ 64BEED6775C22B0362FA9DED3F8124A1 ] CRFILTER C:\Windows\system32\DRIVERS\CRFILTER.sys
14:53:04.0728 0844 CRFILTER - ok
14:53:04.0837 0844 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:53:04.0868 0844 CryptSvc - ok
14:53:04.0930 0844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:53:04.0962 0844 DcomLaunch - ok
14:53:05.0055 0844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:53:05.0071 0844 defragsvc - ok
14:53:05.0118 0844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:53:05.0118 0844 DfsC - ok
14:53:05.0242 0844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:53:05.0274 0844 Dhcp - ok
14:53:05.0336 0844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:53:05.0336 0844 discache - ok
14:53:05.0367 0844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:53:05.0367 0844 Disk - ok
14:53:05.0430 0844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:53:05.0445 0844 Dnscache - ok
14:53:05.0554 0844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:53:05.0586 0844 dot3svc - ok
14:53:05.0617 0844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:53:05.0617 0844 DPS - ok
14:53:05.0664 0844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:53:05.0679 0844 drmkaud - ok
14:53:05.0898 0844 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:53:05.0913 0844 DXGKrnl - ok
14:53:05.0991 0844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:53:06.0007 0844 EapHost - ok
14:53:06.0303 0844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:53:06.0475 0844 ebdrv - ok
14:53:06.0537 0844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:53:06.0537 0844 EFS - ok
14:53:06.0678 0844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:53:06.0709 0844 ehRecvr - ok
14:53:06.0771 0844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:53:06.0771 0844 ehSched - ok
14:53:06.0865 0844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:53:06.0912 0844 elxstor - ok
14:53:06.0990 0844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:53:07.0005 0844 ErrDev - ok
14:53:07.0068 0844 [ 5CD1005B9BC241C3AB8501D5FBF09FD4 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
14:53:07.0068 0844 ETD - ok
14:53:07.0146 0844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:53:07.0208 0844 EventSystem - ok
14:53:07.0255 0844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:53:07.0348 0844 exfat - ok
14:53:07.0473 0844 [ B9352B6C6CC8274BDEA3E59DC2E59BE4 ] FastBootAgent C:\Windows\system32\FBAgent.exe
14:53:07.0504 0844 FastBootAgent - ok
14:53:07.0551 0844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:53:07.0567 0844 fastfat - ok
14:53:07.0660 0844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:53:07.0692 0844 Fax - ok
14:53:07.0738 0844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:53:07.0754 0844 fdc - ok
14:53:07.0785 0844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:53:07.0832 0844 fdPHost - ok
14:53:07.0863 0844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:53:07.0894 0844 FDResPub - ok
14:53:07.0941 0844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:53:08.0004 0844 FileInfo - ok
14:53:08.0019 0844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:53:08.0050 0844 Filetrace - ok
14:53:08.0082 0844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:53:08.0160 0844 flpydisk - ok
14:53:08.0284 0844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:53:08.0316 0844 FltMgr - ok
14:53:08.0628 0844 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:53:08.0659 0844 FontCache - ok
14:53:08.0768 0844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:53:08.0784 0844 FontCache3.0.0.0 - ok
14:53:08.0830 0844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:53:08.0862 0844 FsDepends - ok
14:53:08.0893 0844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:53:08.0908 0844 Fs_Rec - ok
14:53:08.0971 0844 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:53:09.0002 0844 fvevol - ok
14:53:09.0080 0844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:53:09.0111 0844 gagp30kx - ok
14:53:09.0236 0844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:53:09.0298 0844 gpsvc - ok
14:53:09.0439 0844 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:09.0470 0844 gupdate - ok
14:53:09.0517 0844 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:09.0517 0844 gupdatem - ok
14:53:09.0610 0844 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:53:09.0657 0844 hcw85cir - ok
14:53:09.0798 0844 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:53:09.0844 0844 HdAudAddService - ok
14:53:09.0891 0844 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:53:09.0891 0844 HDAudBus - ok
14:53:09.0954 0844 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:53:09.0985 0844 HidBatt - ok
14:53:10.0000 0844 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:53:10.0016 0844 HidBth - ok
14:53:10.0047 0844 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:53:10.0047 0844 HidIr - ok
14:53:10.0078 0844 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:53:10.0094 0844 hidserv - ok
14:53:10.0156 0844 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
14:53:10.0172 0844 HidUsb - ok
14:53:10.0250 0844 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:53:10.0266 0844 hkmsvc - ok
14:53:10.0390 0844 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:53:10.0437 0844 HomeGroupListener - ok
14:53:10.0500 0844 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:53:10.0546 0844 HomeGroupProvider - ok
14:53:10.0609 0844 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:53:10.0671 0844 HpSAMD - ok
14:53:10.0765 0844 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:53:10.0827 0844 HTTP - ok
14:53:10.0874 0844 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:53:10.0905 0844 hwpolicy - ok
14:53:10.0983 0844 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:53:10.0999 0844 i8042prt - ok
14:53:11.0030 0844 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:53:11.0046 0844 iaStorV - ok
14:53:11.0233 0844 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:53:11.0248 0844 IDriverT - ok
14:53:11.0451 0844 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:53:11.0482 0844 idsvc - ok
14:53:11.0529 0844 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:53:11.0545 0844 iirsp - ok
14:53:11.0607 0844 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:53:11.0607 0844 IKEEXT - ok
14:53:11.0670 0844 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:53:11.0685 0844 intelide - ok
14:53:11.0716 0844 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:53:11.0732 0844 intelppm - ok
14:53:11.0763 0844 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:53:11.0779 0844 IPBusEnum - ok
14:53:11.0826 0844 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:11.0857 0844 IpFilterDriver - ok
14:53:11.0935 0844 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:53:11.0997 0844 IPMIDRV - ok
14:53:12.0060 0844 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:53:12.0075 0844 IPNAT - ok
14:53:12.0106 0844 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:53:12.0106 0844 IRENUM - ok
14:53:12.0153 0844 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:53:12.0184 0844 isapnp - ok
14:53:12.0231 0844 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:53:12.0247 0844 iScsiPrt - ok
14:53:12.0278 0844 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:53:12.0278 0844 kbdclass - ok
14:53:12.0309 0844 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:53:12.0325 0844 kbdhid - ok
14:53:12.0372 0844 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
14:53:12.0372 0844 kbfiltr - ok
14:53:12.0403 0844 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:53:12.0403 0844 KeyIso - ok
14:53:12.0434 0844 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:53:12.0465 0844 KSecDD - ok
14:53:12.0512 0844 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:53:12.0528 0844 KSecPkg - ok
14:53:12.0574 0844 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:53:12.0574 0844 ksthunk - ok
14:53:12.0621 0844 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:53:12.0684 0844 KtmRm - ok
14:53:12.0762 0844 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:53:12.0777 0844 LanmanServer - ok
14:53:12.0824 0844 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:53:12.0824 0844 LanmanWorkstation - ok
14:53:12.0902 0844 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:53:12.0949 0844 lltdio - ok
14:53:13.0058 0844 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:53:13.0089 0844 lltdsvc - ok
14:53:13.0136 0844 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:53:13.0183 0844 lmhosts - ok
14:53:13.0261 0844 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:53:13.0292 0844 LSI_FC - ok
14:53:13.0323 0844 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:53:13.0339 0844 LSI_SAS - ok
14:53:13.0386 0844 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:53:13.0401 0844 LSI_SAS2 - ok
14:53:13.0432 0844 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:53:13.0448 0844 LSI_SCSI - ok
14:53:13.0479 0844 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:53:13.0479 0844 luafv - ok
14:53:13.0526 0844 [ 085435AE1A124361304044029B5CC644 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
14:53:13.0557 0844 lullaby - ok
14:53:13.0620 0844 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:53:13.0635 0844 MBAMProtector - ok
14:53:13.0900 0844 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:53:13.0947 0844 MBAMService - ok
14:53:14.0041 0844 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:53:14.0119 0844 Mcx2Svc - ok
14:53:14.0181 0844 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:53:14.0181 0844 megasas - ok
14:53:14.0212 0844 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:53:14.0228 0844 MegaSR - ok
14:53:14.0259 0844 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:53:14.0259 0844 MMCSS - ok
14:53:14.0290 0844 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:53:14.0322 0844 Modem - ok
14:53:14.0353 0844 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:53:14.0353 0844 monitor - ok
14:53:14.0400 0844 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
14:53:14.0415 0844 mouclass - ok
14:53:14.0446 0844 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:53:14.0462 0844 mouhid - ok
14:53:14.0493 0844 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:53:14.0509 0844 mountmgr - ok
14:53:14.0587 0844 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:53:14.0618 0844 mpio - ok
14:53:14.0680 0844 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:53:14.0696 0844 mpsdrv - ok
14:53:14.0774 0844 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:53:14.0821 0844 MRxDAV - ok
14:53:14.0899 0844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:53:14.0930 0844 mrxsmb - ok
14:53:14.0977 0844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:53:14.0977 0844 mrxsmb10 - ok
14:53:15.0055 0844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:53:15.0086 0844 mrxsmb20 - ok
14:53:15.0148 0844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:53:15.0164 0844 msahci - ok
14:53:15.0242 0844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:53:15.0258 0844 msdsm - ok
14:53:15.0289 0844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:53:15.0304 0844 MSDTC - ok
14:53:15.0398 0844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:53:15.0414 0844 Msfs - ok
14:53:15.0445 0844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:53:15.0476 0844 mshidkmdf - ok
14:53:15.0523 0844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:53:15.0523 0844 msisadrv - ok
14:53:15.0601 0844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:53:15.0632 0844 MSiSCSI - ok
14:53:15.0648 0844 msiserver - ok
14:53:15.0679 0844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:53:15.0679 0844 MSKSSRV - ok
14:53:15.0694 0844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:53:15.0710 0844 MSPCLOCK - ok
14:53:15.0726 0844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:53:15.0726 0844 MSPQM - ok
14:53:15.0804 0844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:53:15.0850 0844 MsRPC - ok
14:53:15.0913 0844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:53:15.0913 0844 mssmbios - ok
14:53:15.0960 0844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:53:15.0975 0844 MSTEE - ok
14:53:36.0489 0844 ================ Scan global ===============================
14:53:36.0505 0844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:53:36.0598 0844 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:53:36.0645 0844 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:53:36.0708 0844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:53:36.0801 0844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:53:36.0864 0844 [Global] - ok
14:53:36.0864 0844 ================ Scan MBR ==================================
14:53:36.0895 0844 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:53:37.0924 0844 \Device\Harddisk0\DR0 - ok
14:53:38.0283 0844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:53:38.0299 0844 \Device\Harddisk1\DR1 - ok
14:53:38.0314 0844 ================ Scan VBR ==================================
14:53:38.0330 0844 [ 436A475E5B7ED8FB8B6BC82ABEB9BE33 ] \Device\Harddisk0\DR0\Partition1
14:53:38.0346 0844 \Device\Harddisk0\DR0\Partition1 - ok
14:53:38.0377 0844 [ 24C1AC205191E134585473EDF5CE4615 ] \Device\Harddisk0\DR0\Partition2
14:53:38.0377 0844 \Device\Harddisk0\DR0\Partition2 - ok
14:53:38.0392 0844 [ 006AE970C9C6DFF783F8F7523C20A5FF ] \Device\Harddisk1\DR1\Partition1
14:53:38.0392 0844 \Device\Harddisk1\DR1\Partition1 - ok
14:53:38.0392 0844 ============================================================
14:53:38.0392 0844 Scan finished
14:53:38.0392 0844 ============================================================
14:53:38.0424 3244 Detected object count: 0
14:53:38.0424 3244 Actual detected object count: 0

4. Malwarebytes scan
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

Schutz: Aktiviert

27.08.2012 15:01:35
mbam-log-2012-08-27 (15-01-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 448481
Laufzeit: 2 Stunde(n), 39 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Everything done as listed above.

I now wanted to do a reinstall and, for that, set the boot device order in the BIOS to CD. However, it still boots as usual.

My Avira still reports in the real-time scan that Sirefef and ATRAPS are on the computer. Is that what you would expect? It surprises me, given the scripts I have read so far.

Hm, crazy ...
So my DVD drive reads plain CDs and older games, but no new games and not the recovery CD. Strange ...
__________________

Edited by Chesser (27.08.2012 at 13:59)

28.08.2012, 07:21   #4
kira
/// Helper Team
 



1.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start it -> if necessary, set the language to "Deutsch".
  • Start it -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file as well (that is, the list of all installed programs ... a text file)

Quote:
To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log (that is, at the start of the log file) you write: [code]
your log file goes here - e.g. OTL log file or other
→ after it (that is, at the end of the log file): [/code]
** If possible, do not go online; no online banking, file sharing, chat programs, etc.
Regards,
kira
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

28.08.2012, 12:22   #5
Chesser
 



Thanks for the further reply!

2. OTL scan
OTL Logfile:
Code:
OTL logfile created on: 8/28/2012 12:42:42 PM - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.77% Memory free
8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 26.41 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.89 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/08/08 21:15:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/02/19 00:33:37 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/13 01:29:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 01:28:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/11 13:54:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 13:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 13:52:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 13:52:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2007/06/15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/22 04:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/10 03:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2009/06/26 00:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/08/15 06:23:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/02/19 00:32:50 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/26 01:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 20:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landesschachbundbremen.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 00 3A 7C CF CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C730FC16-6818-4479-9BE4-4E070FB1B4DB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C730FC16-6818-4479-9BE4-4E070FB1B4DB}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5018 [2011/06/14 20:13:31 | 000,000,000 | ---D | M]
 
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/08/17 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/08/17 09:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 21:56:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/19 20:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2011/03/01 23:22:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/16 21:21:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/06/18 05:30:30 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95196CC1-CBD1-443B-9EB8-1FE51AC565EC}: DhcpNameServer = 192.168.2.1 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A7C588-07B5-48AB-AB54-A3A379575C5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/27 14:43:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/27 14:08:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/26 01:13:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/23 10:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012/08/20 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2012/08/15 13:58:42 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 13:58:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 13:58:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 13:58:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 13:58:28 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 13:58:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 13:58:28 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/15 13:58:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 13:58:22 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 13:58:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 13:57:57 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/15 13:57:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 13:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 13:57:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 13:57:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 13:57:55 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 13:57:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 13:57:40 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/13 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez
[2012/08/11 03:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/28 12:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/28 12:22:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 11:59:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 11:59:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 11:49:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc8fd8f80600f2.job
[2012/08/28 11:49:06 | 000,000,086 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2012/08/28 11:49:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 11:48:51 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/27 14:20:00 | 002,193,184 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012/08/27 00:05:35 | 000,020,009 | ---- | M] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/26 13:20:40 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/24 15:16:59 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2012/08/22 14:50:04 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/22 02:25:33 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:52:33 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/08/15 06:23:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:23:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 03:21:02 | 217,122,342 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 22:11:01 | 000,000,595 | ---- | M] () -- C:\Windows\eReg.dat
[2012/08/03 03:22:59 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/27 20:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
[2012/08/27 20:04:11 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/08/27 14:19:57 | 002,193,184 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012/08/26 13:20:40 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/20 12:24:24 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
[2012/08/20 03:43:59 | 000,020,009 | ---- | C] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/20 01:03:44 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
[2012/08/14 03:21:02 | 217,122,342 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 19:45:53 | 000,000,595 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/10 22:22:34 | 000,647,168 | ---- | C] () -- C:\Program Files (x86)\tetris.exe
[2012/06/26 13:10:29 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2012/06/26 13:10:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2012/03/15 20:26:34 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/02/28 18:10:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/02/27 04:11:06 | 000,000,082 | ---- | C] () -- C:\Windows\ChssBase.ini
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
[2011/05/26 18:16:26 | 000,000,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2011/02/19 17:28:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/19 01:12:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/19 00:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/18 21:09:46 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/18 21:09:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2011/05/11 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015
[2011/06/08 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5016
[2011/06/10 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5017
[2011/06/14 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5018
[2012/05/10 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2011/11/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2012/02/21 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType
[2012/02/28 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011/05/11 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012/06/16 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011/03/01 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/08/11 03:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/06/14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2012/03/05 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2011/06/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef
[2012/07/13 10:20:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 8/28/2012 12:42:42 PM - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.77% Memory free
8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 26.41 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.89 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}" = ATI Catalyst Install Manager
"{5F0C3F07-B6EF-C641-C4BD-7E202A194121}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03998AF6-3578-A45F-7653-2C6FF60CF2C1}" = Zoosk Messenger
"{0824E481-EB8E-A53B-5CA6-6EC82B29240F}" = CCC Help Russian
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13581A3D-28FF-4DDC-0E6D-E585F4E432AE}" = CCC Help Korean
"{1A786741-2D69-38F8-25A0-87D483FF893F}" = CCC Help French
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{35BEFF48-53E9-C955-5D24-D9F207C82954}" = CCC Help Portuguese
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43923CFF-E3EF-EC15-8F7A-D50F11AC8E38}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{552636E5-1274-9229-10A6-EE56638524D3}" = CCC Help German
"{5A186C42-F699-1207-7D8B-034120FBEFD4}" = CCC Help Dutch
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{724015FC-1175-CE89-667E-5C715EEB5052}" = CCC Help Italian
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78704F80-9845-BA22-DD52-DF1F88D8C8E8}" = CCC Help Czech
"{78CDB125-7541-33BA-11E0-55CF7346FD9D}" = CCC Help Chinese Standard
"{7A4A6C58-C772-DEB7-ADE5-7AA3D8393FDA}" = CCC Help English
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F6ED92F-459D-E40B-BD80-B87B3E852C0A}" = Catalyst Control Center Graphics Previews Vista
"{80E91367-66B4-9D48-D78E-17C3B5AFB83C}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{83C99425-1095-A10F-8622-D949180EFA83}" = CCC Help Norwegian
"{86209DE5-0642-1ADA-3060-0698374B84A1}" = CCC Help Danish
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9091F4E3-6A00-562A-DDF6-ECB1704F45B2}" = CCC Help Spanish
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{97635F88-6774-7C96-B872-A4949A4FE06B}" = ccc-core-static
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A3E59DE5-46A8-68FB-7A2E-4507D2B7C1EC}" = Catalyst Control Center Localization All
"{A765D3FB-AE33-FAA0-E725-21E6558D8147}" = CCC Help Finnish
"{A8033DE8-2D2C-8730-5D35-8800C92560DE}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{AEAC0128-8947-0E77-860F-3BD0735F31E5}" = CCC Help Turkish
"{B8D52C7C-9460-7F82-C092-C0197B1138A1}" = CCC Help Swedish
"{BF192C65-04BE-3F5D-632F-51132799CDE0}" = Catalyst Control Center Graphics Full New
"{C50ED22A-B0D3-16D8-BE55-947DA0E6F986}" = CCC Help Thai
"{D0809476-5FF0-7724-27CB-BE73D216624A}" = CCC Help Hungarian
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB5C5CB4-3519-1D95-EF98-0356ABFAFAF8}" = CCC Help Japanese
"{E52C74AA-4E7E-51ED-B738-0D24922BE597}" = Catalyst Control Center Graphics Full Existing
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F71AA0EC-15E4-6F63-3C9C-7E8D8D756EC5}" = CCC Help Chinese Traditional
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE2F63F8-EB6C-493B-954D-DCB29ECAC423}" = ChessBase Reader
"{FEE0F194-7D6C-A7BF-F12E-96ABE64F5132}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/17/2012 8:53:47 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel:
 0x4fa05906  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8e2bf220  ID des fehlerhaften Prozesses:
 0x1ed4  Startzeit der fehlerhaften Anwendung: 0x01cd7c7754b411a9  Pfad der fehlerhaften
 Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 953901f8-e86a-11e1-99b1-e0cb4e0b5c88
 
Error - 8/19/2012 4:02:11 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel:
 0x4f4de709  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0c10c9ba  ID des fehlerhaften Prozesses:
 0xa20  Startzeit der fehlerhaften Anwendung: 0x01cd7e4471596af6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: c2f32108-ea38-11e1-be5a-e0cb4e0b5c88
 
Error - 8/19/2012 9:16:24 PM | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/23/2012 4:10:29 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: Flash64_11_3_300_271.ocx, 
Version: 11.3.300.271, Zeitstempel: 0x5026fc1d  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0000000000674d95  ID des fehlerhaften Prozesses: 0xfa4  Startzeit der fehlerhaften
 Anwendung: 0x01cd81062c98bb75  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_271.ocx
Berichtskennung:
 0022433d-ecfa-11e1-b47e-e0cb4e0b5c88
 
Error - 8/23/2012 7:26:51 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
 0x4626b2f4  Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x4fa119ef  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a5ccfde  ID des fehlerhaften
 Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung: 0x01cd818692af7cca  Pfad der
 fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{5ED0C29F-92E9-4E39-BEC1-F9F8F2505394}\ICQ7.exe
Pfad
 des fehlerhaften Moduls: MoveIt.dll  Berichtskennung: 03e8d82f-ed7a-11e1-bcf2-e0cb4e0b5c88
 
Error - 8/25/2012 7:18:56 PM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1cf4    Startzeit:
 01cd8312fae11ad3    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: 094b8cd2-ef0b-11e1-b8fe-e0cb4e0b5c88  
 
Error - 8/26/2012 11:35:09 AM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 4b0    Startzeit: 01cd83a000e4edf6    Endzeit: 32    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 64916043-ef93-11e1-a4d5-e0cb4e0b5c88  
 
Error - 8/26/2012 4:00:26 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description = 
 
Error - 8/26/2012 4:00:26 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description = 
 
Error - 8/27/2012 1:48:15 PM | Computer Name = ***-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion Scan_TestFile() für die Datei
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@.

 [ACCESS_VIOLATION Exception!! EIP = 0x73e52e29]   Bitte Avira informieren und die
 obige Datei übersenden!
 
[ Media Center Events ]
Error - 7/6/2012 10:42:52 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:52 - Fehler beim Herstellen der Internetverbindung.  16:42:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 10:43:01 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:57 - Fehler beim Herstellen der Internetverbindung.  16:42:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 11:43:03 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:03 - Fehler beim Herstellen der Internetverbindung.  17:43:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 11:43:11 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:08 - Fehler beim Herstellen der Internetverbindung.  17:43:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 12:43:15 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:15 - Fehler beim Herstellen der Internetverbindung.  18:43:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 12:43:26 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:20 - Fehler beim Herstellen der Internetverbindung.  18:43:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 8:44:14 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:14 - Fehler beim Herstellen der Internetverbindung.  14:44:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 8:44:33 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:20 - Fehler beim Herstellen der Internetverbindung.  14:44:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 9:44:38 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:38 - Fehler beim Herstellen der Internetverbindung.  15:44:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 9:44:45 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:44 - Fehler beim Herstellen der Internetverbindung.  15:44:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 8/27/2012 1:48:16 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/27/2012 1:49:47 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/27/2012 1:49:47 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/27/2012 1:49:47 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/27/2012 5:15:51 PM | Computer Name = ***-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 8/27/2012 5:16:18 PM | Computer Name = ***-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 8/28/2012 5:49:03 AM | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?08.?2012 um 02:55:17 unerwartet heruntergefahren.
 
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
--- --- ---


CC program list
Code:
50 FREE MP3s +1 Free Audiobook!	eMusic.com Inc	28.04.2011		1.0.0.1
Acrobat.com	Adobe Systems Incorporated	18.02.2011	1,58MB	1.1.377
Adobe AIR	Adobe Systems Incorporated	20.08.2012		3.3.0.3670
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	14.08.2012	6,00MB	11.3.300.271
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.08.2012	6,00MB	11.3.300.271
Adobe Reader 9.0.1	Adobe Systems Incorporated	18.02.2011	202MB	9.0.1
AMD USB Filter Driver	Advanced Micro Devices, Inc.	18.02.2011	56,0KB	1.0.13.88
ASIO4ALL	Michael Tippach	23.07.2011		2.10
ASUS CopyProtect	ASUS	18.02.2011	3,62MB	1.0.0015
ASUS Data Security Manager	ASUS	18.02.2011	15,1MB	1.00.0013
ASUS FancyStart	ASUSTeK Computer Inc.	18.02.2011	10,5MB	1.0.6
ASUS LifeFrame3	ASUS	18.02.2011	27,7MB	3.0.20
ASUS Live Update	ASUS	19.02.2011		2.5.9
ASUS MultiFrame	ASUS	19.02.2011		1.0.0019
ASUS Power4Gear Hybrid	ASUS	18.02.2011	10,7MB	1.1.19
ASUS SmartLogon	ASUS	18.02.2011	10,8MB	1.0.0007
ASUS Splendid Video Enhancement Technology	ASUS	18.02.2011	24,4MB	1.02.0028
ASUS_Screensaver		19.02.2011		
Atheros Client Installation Program	Atheros	18.02.2011		7.0
ATI Catalyst Install Manager	ATI Technologies, Inc.	18.02.2011	18,2MB	3.0.732.0
ATK Generic Function Service	ATK	18.02.2011		1.00.0008
ATK Hotkey	ASUS	18.02.2011	5,74MB	1.0.0051
ATK Media	ASUS	18.02.2011	186KB	2.0.0005
ATKOSD2	ASUS	18.02.2011	6,52MB	7.0.0006
Avira Free Antivirus	Avira	08.08.2012	125MB	12.0.0.1167
CCleaner	Piriform	22.08.2012		3.22
ChessBase Reader		25.05.2011		2
ControlDeck	ASUS	18.02.2011	1,77MB	1.0.1
Fast Boot	ASUS	18.02.2011	1,69MB	1.0.1
FL Studio 10	Image-Line	23.07.2011		
Google Chrome	Google Inc.	19.02.2011		21.0.1180.83
Google Earth	Google	06.07.2011	85,3MB	5.2.1.1588
IL Download Manager	Image-Line	23.07.2011		
Java(TM) 7 Update 5	Oracle	16.06.2012	99,3MB	7.0.50
JavaFX 2.1.1	Oracle Corporation	16.06.2012	20,8MB	2.1.1
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	24.07.2012	18,7MB	1.62.0.1300
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	20.02.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	20.02.2011	2,93MB	4.0.30319
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	18.02.2011	708KB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	01.03.2011	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.02.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	08.06.2012	11,1MB	10.0.40219
Multimedia Card Reader	 	18.02.2011	164KB	1.01.0000.00
Olympus Digital Wave Player		15.08.2012		
OLYMPUS DSS Player-Lite		15.06.2011		
OpenOffice.org 3.3	OpenOffice.org	02.03.2011	414MB	3.3.9567
Realtek 8136 8168 8169 Ethernet Driver	Realtek	18.02.2011		1.00.0005
Skype™ 5.8	Skype Technologies S.A.	08.03.2012	19,0MB	5.8.158
SRS Premium Sound	SRS Labs, Inc.	18.02.2011	5,61MB	1.09.1900
SUPERAntiSpyware	SUPERAntiSpyware.com	05.03.2012	92,8MB	5.0.1144
USB 2.0 1.3M UVC WebCam		19.02.2011		
VIA Platform Device Manager	VIA Technologies, Inc.	18.02.2011	2,61MB	1.34
Winamp	Nullsoft, Inc	28.04.2011		5.61 
Windows Media Player Firefox Plugin	Microsoft Corp	29.10.2011	296KB	1.0.0.8
WinFlash	ASUS	18.02.2011	1,28MB	2.29.0
WinRAR 4.00 (32-Bit)	win.rar GmbH	17.04.2011		4.00.0
Wireless Console 3	ASUS	18.02.2011	2,42MB	3.0.10
Wise Registry Cleaner 6.21	WiseCleaner.com, Inc.	05.03.2012	2,80MB	
Zoosk Messenger	Zoosk, Inc.	20.08.2012		4.128.3
         


Edited by Chesser (28.08.2012 at 12:32)

28.08.2012, 14:40   #6
kira
/// Helper team



1.
I can't place this one; what is it?:
Code:
C:\Program Files (x86)\Zuxxez
         
2.
Quote:
Attention, important!:
If you have made changes in the logfile yourself, you must replace them with the original names and paste them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code":
Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
[2012/08/27 20:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
[2012/08/27 20:04:11 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/08/20 12:24:24 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
[2012/01/11 12:25:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@

:Files
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@
C:\Users\***\AppData\Roaming\urhtps.dat
C:\Users\***\AppData\Roaming\5015
C:\Users\***\AppData\Roaming\5016
C:\Users\***\AppData\Roaming\5017
C:\Users\***\AppData\Roaming\5018
C:\Users\***\AppData\Roaming\Cudylu
C:\Users\***\AppData\Roaming\Eruh
C:\Users\***\AppData\Roaming\kock
C:\Users\***\AppData\Roaming\loadtbs
C:\Users\***\AppData\Roaming\Osebr
C:\Users\***\AppData\Roaming\Quexdi
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\Uverd
C:\Users\***\AppData\Roaming\xmldm
C:\Users\***\AppData\Roaming\Yhef

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

3.
► now try to reinstall the system, does it work?

Edited by kira (28.08.2012 at 15:15)
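The warning in the post above, that anonymised names must be restored before the script is pasted into OTL, can be checked mechanically. The following is an added example, not part of kira's post and not part of OTL; the mask heuristic, the function names and the user name `alice` are assumptions, and the sample is abbreviated from the script above.

```python
import re

# Sample abbreviated from the fix script above; "***" is the poster's mask.
SAMPLE_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [Upgrade] C:\Users\***\AppData\Roaming\Mozilla\{A3FF5A97-8015-4F8E-98E4-C4FCF66C2055}\Upgrade.exe File not found
[2012/08/27 20:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@

:Files
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
C:\Users\***\AppData\Roaming\5015
C:\Users\***\AppData\Roaming\Cudylu

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)\s*$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*")
# Assumed heuristic: a path component made only of '*' or of 3+ 'x'/'X'.
MASK = re.compile(r"\\(\*+|[xX]{3,})(?=\\|$)")
# Mask sitting directly under \Users\, the place a profile name belongs.
USER_MASK = re.compile(r"(\\Users\\)(\*+|x{3,})(?=\\)", re.I)
NOT_FOUND = " File not found"


def parse_sections(script):
    """Split a fix script into {section: [(line_no, text), ...]}."""
    sections, current = {}, None
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append((no, line))
    return sections


def extract_path(line):
    """Return the Windows path in a script line, or None if there is none."""
    m = WIN_PATH.search(line)
    if not m:
        return None
    path = m.group(0)
    if path.endswith(NOT_FOUND):  # OTL scan lines may carry this suffix
        path = path[: -len(NOT_FOUND)]
    return path.rstrip()


def find_masked_paths(script):
    """List (section, line_no, path) for paths that still contain a mask."""
    hits = []
    for name, lines in parse_sections(script).items():
        for no, line in lines:
            path = extract_path(line)
            if path and MASK.search(path):
                hits.append((name, no, path))
    return hits


def redundant_file_targets(script):
    """Paths in :Files that an :OTL line already names; once the :OTL pass
    has moved them, the :Files pass will report them as not found."""
    sections = parse_sections(script)
    otl = {p.lower() for _, l in sections.get("otl", []) if (p := extract_path(l))}
    out = []
    for _, line in sections.get("files", []):
        path = extract_path(line)
        if path and path.lower() in otl:
            out.append(path)
    return out


def restore_user(script, real_user):
    """Put the real profile name back where \\Users\\<mask>\\ was written."""
    return USER_MASK.sub(lambda m: m.group(1) + real_user, script)


if __name__ == "__main__":
    for section, no, path in find_masked_paths(SAMPLE_SCRIPT):
        print(f"line {no} [:{section}] still masked: {path}")
    for path in redundant_file_targets(SAMPLE_SCRIPT):
        print(f"listed in both :OTL and :Files: {path}")
    fixed = restore_user(SAMPLE_SCRIPT, "alice")  # constructed user name
    print("masked paths after restore:", len(find_masked_paths(fixed)))
```
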

28.08.2012, 14:47   #7
Chesser



Quote:
Quote from kira
1.
I can't place this one; what is it?:
Code:
C:\Program Files (x86)\Zuxxez
         
I don't know why the name is so odd either. The folder contains save files of the old game "Jagged Alliance 2 Wildfire".

2.


Fixing with OTL
Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upgrade deleted successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@ moved successfully.
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ moved successfully.
========== FILES ==========
File\Folder C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@ not found.
File\Folder C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@ not found.
File\Folder C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@ not found.
File\Folder C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\@ not found.
File\Folder C:\Users\***\AppData\Roaming\urhtps.dat not found.
File\Folder C:\Users\***\AppData\Roaming\5015 not found.
File\Folder C:\Users\***\AppData\Roaming\5016 not found.
File\Folder C:\Users\***\AppData\Roaming\5017 not found.
File\Folder C:\Users\***\AppData\Roaming\5018 not found.
File\Folder C:\Users\***\AppData\Roaming\Cudylu not found.
File\Folder C:\Users\***\AppData\Roaming\Eruh not found.
File\Folder C:\Users\***\AppData\Roaming\kock not found.
File\Folder C:\Users\***\AppData\Roaming\loadtbs not found.
File\Folder C:\Users\***\AppData\Roaming\Osebr not found.
File\Folder C:\Users\***\AppData\Roaming\Quexdi not found.
File\Folder C:\Users\***\AppData\Roaming\UAs not found.
File\Folder C:\Users\***\AppData\Roaming\Uverd not found.
File\Folder C:\Users\***\AppData\Roaming\xmldm not found.
File\Folder C:\Users\***\AppData\Roaming\Yhef not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\MHentrop\Desktop\cmd.bat deleted successfully.
C:\Users\MHentrop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 53632 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MHentrop
->Temp folder emptied: 286293997 bytes
->Temporary Internet Files folder emptied: 124615910 bytes
->Java cache emptied: 5501526 bytes
->Google Chrome cache emptied: 6534024 bytes
->Flash cache emptied: 24005749 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42176 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2670659 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 429.00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08282012_154637

Files\Folders moved on Reboot...
C:\Users\MHentrop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DF7C806BD91F7B652E.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DF8B318850795D6C4E.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DFA8366B6996BF8402.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DFB5A0D912762D5883.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DFD4E9ABD04BB2EB35.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Temp\~DFDD8939D883177F42.TMP not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\bildkontakte_de[2].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\bildkontakte_de[3].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\blank[1].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\blank[2].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\blank[3].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\entrex[1].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\entrex[2].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\entrex[3].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\entrex[4].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\oben[2].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\oben[3].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\pngbehavior[1].htc not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\radio[2].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\radio[3].htm not found!
File\Folder C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVC9FAAO\rechts[3].htm not found!
C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PXYBRPB\get-mirror-server[1].htm moved successfully.
C:\Users\MHentrop\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Edited by Chesser (28.08.2012 at 15:08)

28.08.2012, 15:21   #8
Chesser

Multiple infection: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess

Checking for updates (Java) unfortunately does not work. A message similar to the one for the firewall appears.
Attached screenshot: unbenannt.jpg

OTL Logfile:
Code:
OTL Extras logfile created on: 8/28/2012 4:49:30 PM - Run 3
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.77% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 26.63 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.89 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}" = ATI Catalyst Install Manager
"{5F0C3F07-B6EF-C641-C4BD-7E202A194121}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0824E481-EB8E-A53B-5CA6-6EC82B29240F}" = CCC Help Russian
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13581A3D-28FF-4DDC-0E6D-E585F4E432AE}" = CCC Help Korean
"{1A786741-2D69-38F8-25A0-87D483FF893F}" = CCC Help French
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{35BEFF48-53E9-C955-5D24-D9F207C82954}" = CCC Help Portuguese
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43923CFF-E3EF-EC15-8F7A-D50F11AC8E38}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{552636E5-1274-9229-10A6-EE56638524D3}" = CCC Help German
"{5A186C42-F699-1207-7D8B-034120FBEFD4}" = CCC Help Dutch
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{724015FC-1175-CE89-667E-5C715EEB5052}" = CCC Help Italian
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78704F80-9845-BA22-DD52-DF1F88D8C8E8}" = CCC Help Czech
"{78CDB125-7541-33BA-11E0-55CF7346FD9D}" = CCC Help Chinese Standard
"{7A4A6C58-C772-DEB7-ADE5-7AA3D8393FDA}" = CCC Help English
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F6ED92F-459D-E40B-BD80-B87B3E852C0A}" = Catalyst Control Center Graphics Previews Vista
"{80E91367-66B4-9D48-D78E-17C3B5AFB83C}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{83C99425-1095-A10F-8622-D949180EFA83}" = CCC Help Norwegian
"{86209DE5-0642-1ADA-3060-0698374B84A1}" = CCC Help Danish
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9091F4E3-6A00-562A-DDF6-ECB1704F45B2}" = CCC Help Spanish
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{97635F88-6774-7C96-B872-A4949A4FE06B}" = ccc-core-static
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A3E59DE5-46A8-68FB-7A2E-4507D2B7C1EC}" = Catalyst Control Center Localization All
"{A765D3FB-AE33-FAA0-E725-21E6558D8147}" = CCC Help Finnish
"{A8033DE8-2D2C-8730-5D35-8800C92560DE}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{AEAC0128-8947-0E77-860F-3BD0735F31E5}" = CCC Help Turkish
"{B8D52C7C-9460-7F82-C092-C0197B1138A1}" = CCC Help Swedish
"{BF192C65-04BE-3F5D-632F-51132799CDE0}" = Catalyst Control Center Graphics Full New
"{C50ED22A-B0D3-16D8-BE55-947DA0E6F986}" = CCC Help Thai
"{D0809476-5FF0-7724-27CB-BE73D216624A}" = CCC Help Hungarian
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB5C5CB4-3519-1D95-EF98-0356ABFAFAF8}" = CCC Help Japanese
"{E52C74AA-4E7E-51ED-B738-0D24922BE597}" = Catalyst Control Center Graphics Full Existing
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F71AA0EC-15E4-6F63-3C9C-7E8D8D756EC5}" = CCC Help Chinese Traditional
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE2F63F8-EB6C-493B-954D-DCB29ECAC423}" = ChessBase Reader
"{FEE0F194-7D6C-A7BF-F12E-96ABE64F5132}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/17/2012 8:53:47 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 12.3.0.15, Zeitstempel:
 0x4fa05906  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8e2bf220  ID des fehlerhaften Prozesses:
 0x1ed4  Startzeit der fehlerhaften Anwendung: 0x01cd7c7754b411a9  Pfad der fehlerhaften
 Anwendung: C:\program files (x86)\avira\antivir desktop\ipmGui.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 953901f8-e86a-11e1-99b1-e0cb4e0b5c88
 
Error - 8/19/2012 4:02:11 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel:
 0x4f4de709  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0c10c9ba  ID des fehlerhaften Prozesses:
 0xa20  Startzeit der fehlerhaften Anwendung: 0x01cd7e4471596af6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: c2f32108-ea38-11e1-be5a-e0cb4e0b5c88
 
Error - 8/19/2012 9:16:24 PM | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 8/23/2012 4:10:29 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: Flash64_11_3_300_271.ocx, 
Version: 11.3.300.271, Zeitstempel: 0x5026fc1d  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0000000000674d95  ID des fehlerhaften Prozesses: 0xfa4  Startzeit der fehlerhaften
 Anwendung: 0x01cd81062c98bb75  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_271.ocx
Berichtskennung:
 0022433d-ecfa-11e1-b47e-e0cb4e0b5c88
 
Error - 8/23/2012 7:26:51 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
 0x4626b2f4  Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x4fa119ef  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a5ccfde  ID des fehlerhaften
 Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung: 0x01cd818692af7cca  Pfad der
 fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{5ED0C29F-92E9-4E39-BEC1-F9F8F2505394}\ICQ7.exe
Pfad
 des fehlerhaften Moduls: MoveIt.dll  Berichtskennung: 03e8d82f-ed7a-11e1-bcf2-e0cb4e0b5c88
 
Error - 8/25/2012 7:18:56 PM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1cf4    Startzeit:
 01cd8312fae11ad3    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: 094b8cd2-ef0b-11e1-b8fe-e0cb4e0b5c88  
 
Error - 8/26/2012 11:35:09 AM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 4b0    Startzeit: 01cd83a000e4edf6    Endzeit: 32    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 64916043-ef93-11e1-a4d5-e0cb4e0b5c88  
 
Error - 8/26/2012 4:00:26 PM | Computer Name = ***-PC | Source = VSS | ID = 12310
Description = 
 
Error - 8/26/2012 4:00:26 PM | Computer Name = ***-PC | Source = VSS | ID = 12298
Description = 
 
Error - 8/27/2012 1:48:15 PM | Computer Name = ***-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion Scan_TestFile() für die Datei
C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@.

 [ACCESS_VIOLATION Exception!! EIP = 0x73e52e29]   Bitte Avira informieren und die
 obige Datei übersenden!
 
[ Media Center Events ]
Error - 7/6/2012 10:42:52 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:52 - Fehler beim Herstellen der Internetverbindung.  16:42:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 10:43:01 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:42:57 - Fehler beim Herstellen der Internetverbindung.  16:42:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 11:43:03 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:03 - Fehler beim Herstellen der Internetverbindung.  17:43:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 11:43:11 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:43:08 - Fehler beim Herstellen der Internetverbindung.  17:43:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 12:43:15 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:15 - Fehler beim Herstellen der Internetverbindung.  18:43:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/6/2012 12:43:26 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:43:20 - Fehler beim Herstellen der Internetverbindung.  18:43:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 8:44:14 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:14 - Fehler beim Herstellen der Internetverbindung.  14:44:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 8:44:33 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:44:20 - Fehler beim Herstellen der Internetverbindung.  14:44:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 9:44:38 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:38 - Fehler beim Herstellen der Internetverbindung.  15:44:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/19/2012 9:44:45 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:44:44 - Fehler beim Herstellen der Internetverbindung.  15:44:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 5:49:05 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 9:59:16 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/28/2012 9:59:17 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 9:59:17 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 10:43:50 AM | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.08.2012 um 16:41:42 unerwartet heruntergefahren.
 
Error - 8/28/2012 10:43:53 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 8/28/2012 10:43:55 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 8/28/2012 10:43:56 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
--- --- ---



OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 8/28/2012 4:49:30 PM - Run 3
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.77% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 26.63 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 90.89 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/08/08 21:15:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/02/19 00:33:37 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/13 01:29:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 01:28:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/11 13:54:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 13:52:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 13:52:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 13:52:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/23 03:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2005/07/30 21:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 10:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\SysWOW64\OdiAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/22 04:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009/07/10 03:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV:64bit: - [2009/06/26 00:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/08/15 06:23:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/02/19 00:32:50 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/26 01:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 20:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.landesschachbundbremen.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 00 3A 7C CF CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C730FC16-6818-4479-9BE4-4E070FB1B4DB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C730FC16-6818-4479-9BE4-4E070FB1B4DB}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5018 [2011/06/14 20:13:31 | 000,000,000 | ---D | M]
 
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions
[2012/08/17 09:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/08/17 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u0bkxte7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/08/17 09:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 21:56:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/19 20:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2011/03/01 23:22:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/16 21:21:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/06/18 05:30:30 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=
CHR - default_search_provider: Search the web (Softonic) ()
CHR - default_search_provider: search_url = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=49&cc=
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95196CC1-CBD1-443B-9EB8-1FE51AC565EC}: DhcpNameServer = 192.168.2.1 62.109.123.6 213.191.92.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A7C588-07B5-48AB-AB54-A3A379575C5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/28 13:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/28 13:24:19 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup322.exe
[2012/08/27 14:43:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/27 14:08:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/26 01:13:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/23 10:06:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/20 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012/08/15 13:58:42 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 13:58:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 13:58:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 13:58:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 13:58:28 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 13:58:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 13:58:28 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/15 13:58:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 13:58:22 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 13:58:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 13:57:57 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/15 13:57:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 13:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 13:57:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 13:57:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 13:57:55 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 13:57:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 13:57:40 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/13 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuxxez
[2012/08/11 03:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/28 16:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:44:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc8fd8f80600f2.job
[2012/08/28 16:44:05 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2012/08/28 16:43:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 16:43:41 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 16:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/28 16:22:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 16:15:54 | 000,085,854 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2012/08/28 13:24:39 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup322.exe
[2012/08/27 14:20:00 | 002,193,184 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012/08/27 00:05:35 | 000,020,009 | ---- | M] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/26 13:20:40 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/26 01:13:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/08/24 15:16:59 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2012/08/22 14:50:04 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/22 02:25:33 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/20 12:26:16 | 000,328,704 | ---- | M] () -- C:\Windows\SysNative\services.exe
[2012/08/16 14:30:46 | 000,299,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:52:33 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/08/15 06:23:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:23:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 03:21:02 | 217,122,342 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 22:11:01 | 000,000,595 | ---- | M] () -- C:\Windows\eReg.dat
[2012/08/03 03:22:59 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/28 16:15:54 | 000,085,854 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2012/08/28 15:49:28 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\800000cb.@
[2012/08/28 15:49:28 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\80000000.@
[2012/08/28 15:49:28 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{1094f66f-3399-a04d-6bb7-a113c35b076a}\U\00000001.@
[2012/08/27 14:19:57 | 002,193,184 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller.zip
[2012/08/26 13:20:40 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/08/26 13:20:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012/08/20 03:43:59 | 000,020,009 | ---- | C] () -- C:\Users\***\Desktop\arbeit.odt
[2012/08/14 03:21:02 | 217,122,342 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 19:45:53 | 000,000,595 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/10 22:22:34 | 000,647,168 | ---- | C] () -- C:\Program Files (x86)\tetris.exe
[2012/06/26 13:10:29 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2012/06/26 13:10:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2012/03/15 20:26:34 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012/02/28 18:10:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/02/27 04:11:06 | 000,000,082 | ---- | C] () -- C:\Windows\ChssBase.ini
[2011/05/26 18:16:26 | 000,000,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2011/02/19 17:28:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/19 01:12:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/19 00:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/18 21:09:46 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/18 21:09:46 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2011/05/11 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015
[2011/06/08 13:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5016
[2011/06/10 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5017
[2011/06/14 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5018
[2012/05/10 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2011/11/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cudylu
[2011/09/29 01:39:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eruh
[2012/02/21 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType
[2012/02/28 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011/05/11 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012/06/16 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011/03/01 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011/11/25 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Osebr
[2011/11/25 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quexdi
[2012/08/11 03:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/06/14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012/01/19 03:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uverd
[2012/03/05 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2011/06/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011/09/28 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhef
[2012/07/13 10:20:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Edited by Chesser (28.08.2012 at 16:12)

28.08.2012, 16:19   #9
kira
/// Helper Team
 
Sorry, you were too fast (or I was too slow). I have taken Java out, since it is not important right now and makes no difference.
The most important question, however, is whether you can reinstall your system now?
Before that, also run CCleaner over it:

Close all programs/windows.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system
__________________

Warning!
Beware of invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

28.08.2012, 16:59   #10
Chesser
 
Everything done as described above. I also seem to have a hardware problem. The drive often has trouble even reading simple CDs and is not even listed on the left in the list of drives. Presumably this would be a new topic, if it can be fixed at all.
[Attached image: Unbenannt2.jpg]

28.08.2012, 18:09   #11
Chesser
 
After a few attempts it managed to read the DVD again. But I now think that the DVD I had is not sufficient for a reinstallation. I vaguely remember that Windows 7 was only preinstalled back then and that only a driver DVD was supplied. That means I now have to consider whether to get a new operating system or to get a new laptop straight away. It is, after all, already almost 3 years old. Next year it would probably have been due anyway.

The current state is that no further virus alerts appear, but my firewall still cannot be switched on. So I will have to do largely without the Internet until I have an intact, Internet-capable computer again.

Even though I cannot solve my problem right now (which is down to my equipment), I would like to say a huge thank-you to you. I am happy to donate and have already looked up how.

28.08.2012, 19:20   #12
kira
/// Helper Team
 
Quote from Chesser:
I vaguely remember that Windows 7 was only preinstalled back then and that only a driver DVD was supplied.

Then your laptop probably has a recovery function (a hidden partition on the disk) with which the factory state can be restored. There is a key combination that you have to press when the PC starts! You can find it in the manufacturer's manual, or contact technical support. (Bring up a boot menu, then press any key, maybe the F9 key?)

2.
After the reinstallation you can then create your own installation CDs:
ASUS has preinstalled a dedicated program for this (I believe it is called "AL Recovery Burner") that creates the recovery DVD. It needs several CDs, though, which is annoying... a lot of junk gets "backed up" along with it.
But have a look here...

-> http://support.asus.com/Troubleshoot...O1&os=&no=1775

28.08.2012, 21:44   #13
Chesser
 
Yeeeeeeeees!

As far as I can tell, everything really is in perfect order again. There will definitely be a donation for you. I will enter you as a secondary payment reference on the bank transfer.


Once again, many thanks. And I was already about to buy a new laptop ... Now I can probably wait another year with that after all. :-)

29.08.2012, 08:03   #14
kira
/// Helper Team
 
I am glad that everything worked out so well! With that I declare our mission complete.

Many thanks for your active support.

All the best
Regards
kira
